We look into the latest tools and techniques used by Confucius, as the threat actor seems to have a new modus operandi, setting up two new websites and new payloads with which to compromise its targets.Read More
Patchwork (also known as Dropping Elephant) is a cyberespionage group known for targeting diplomatic and government agencies that has since added businesses to their list of targets. Patchwork’s moniker is from its notoriety for rehashing off-the-rack tools and malware for its own campaigns. The attack vectors they use may not be groundbreaking—what with other groups exploiting zero-days or adjusting their tactics—but the group’s repertoire of infection vectors and payloads makes them a credible threat.
We trailed Patchwork’s activities over the course of its campaigns in 2017. The diversity of their methods is notable—from the social engineering hooks, attack chains, and backdoors they deployed. They’ve also joined the Dynamic Data Exchange (DDE) and Windows Script Component (SCT) abuse bandwagons and started exploiting recently reported vulnerabilities. These imply they’re at least keeping an eye on other threats and security flaws that they can repurpose for their own ends. Also of note are its attempts to be more cautious and efficient in their operations.Read More
Cyber espionage campaigns against the mining industry are largely geared towards ensuring interest groups have access to the latest technical knowledge and intelligence so they can maintain competitive advantage and thrive in the global commodities market. In this blog post, we illustrate this pattern with the case of the attacks involving the Potash Corporation. By doing so, we will be able to identify the motivations and goals of attackers targeting a key mining company.Read More
Pawn Storm, the long-running cyber espionage campaign, added to its long list of targets several government offices (including the office of the prime minister and the Turkish parliament) and one of the largest newspapers in Turkey. Pawn Storm has been known to attack a diverse list of targets–including armed forces, diplomats, journalists, political dissidents, and software developers.Read More