Reconnaissance plays a vital role in criminal operations, and some groups go to great lengths to investigate their targets’ systems. A recent example is the Andariel Group, a known branch of the notorious Lazarus Group. Last month, we tracked new scouting techniques coming from Andariel, used mainly against South Korean targets.
Read More
We look into the latest tools and techniques used by Confucius, as the threat actor seems to have a new modus operandi, setting up two new websites and new payloads with which to compromise its targets.
Read More
Patchwork (also known as Dropping Elephant) is a cyberespionage group known for targeting diplomatic and government agencies that has since added businesses to their list of targets. Patchwork’s moniker is from its notoriety for rehashing off-the-rack tools and malware for its own campaigns. The attack vectors they use may not be groundbreaking—what with other groups exploiting zero-days or adjusting their tactics—but the group’s repertoire of infection vectors and payloads makes them a credible threat.
We trailed Patchwork’s activities over the course of its campaigns in 2017. The diversity of their methods is notable—from the social engineering hooks, attack chains, and backdoors they deployed. They’ve also joined the Dynamic Data Exchange (DDE) and Windows Script Component (SCT) abuse bandwagons and started exploiting recently reported vulnerabilities. These imply they’re at least keeping an eye on other threats and security flaws that they can repurpose for their own ends. Also of note are its attempts to be more cautious and efficient in their operations.
Read More
Cyber espionage campaigns against the mining industry are largely geared towards ensuring interest groups have access to the latest technical knowledge and intelligence so they can maintain competitive advantage and thrive in the global commodities market. In this blog post, we illustrate this pattern with the case of the attacks involving the Potash Corporation. By doing so, we will be able to identify the motivations and goals of attackers targeting a key mining company.
Read More
A newly-discovered information theft campaign in India has stolen passport scans, photo IDs, and tax information from 160 Indian military officers, military attaches stationed in the said country, consultants, and resellers. Some evidence suggests that the attackers are based out of Pakistan, although no evidence suggests ties to the government.
This operation was not particularly sophisticated, however it was still able to acquire sensitive information that was probably acquired from restricted sources within the Indian government. This shows that targeted attacks don’t need to be well-planned operations backed by a big budget and sufficient resources. What attackers may lack in technical sophistication, they can make up for through tenacity, persistence, and clever social engineering.
Read More