We found cyberespionage group TICK targeting critical systems and enterprises, attempting to steal information to benefit this APT group’s sponsor. In this research brief, we show the timeline of the group’s activities and malware development, as well as the technical analyses of the new malware families, modified tools, and upgraded malware routines.Read More
Reconnaissance plays a vital role in criminal operations, and some groups go to great lengths to investigate their targets’ systems. A recent example is the Andariel Group, a known branch of the notorious Lazarus Group. Last month, we tracked new scouting techniques coming from Andariel, used mainly against South Korean targets.Read More
We look into the latest tools and techniques used by Confucius, as the threat actor seems to have a new modus operandi, setting up two new websites and new payloads with which to compromise its targets.Read More
Patchwork (also known as Dropping Elephant) is a cyberespionage group known for targeting diplomatic and government agencies that has since added businesses to their list of targets. Patchwork’s moniker is from its notoriety for rehashing off-the-rack tools and malware for its own campaigns. The attack vectors they use may not be groundbreaking—what with other groups exploiting zero-days or adjusting their tactics—but the group’s repertoire of infection vectors and payloads makes them a credible threat.
We trailed Patchwork’s activities over the course of its campaigns in 2017. The diversity of their methods is notable—from the social engineering hooks, attack chains, and backdoors they deployed. They’ve also joined the Dynamic Data Exchange (DDE) and Windows Script Component (SCT) abuse bandwagons and started exploiting recently reported vulnerabilities. These imply they’re at least keeping an eye on other threats and security flaws that they can repurpose for their own ends. Also of note are its attempts to be more cautious and efficient in their operations.Read More
Cyber espionage campaigns against the mining industry are largely geared towards ensuring interest groups have access to the latest technical knowledge and intelligence so they can maintain competitive advantage and thrive in the global commodities market. In this blog post, we illustrate this pattern with the case of the attacks involving the Potash Corporation. By doing so, we will be able to identify the motivations and goals of attackers targeting a key mining company.Read More