7/23/2023

Lazarus group motives

CrowdStrike last Friday released its analysis of the probable course of Russian cyber action against Ukraine. They attribute most of the activity against Ukrainian targets to Voodoo Bear, a unit operating under the direction of Russia’s GRU military intelligence service. Voodoo Bear has a long history of servicing Ukrainian targets that goes back to 2014, the year Russia seized and annexed Ukraine’s Crimean region. The recent information operations in the campaign CrowdStrike calls WhisperedDebate are assessed as preparation. Should the conflict escalate, CrowdStrike expects Voodoo Bear to step up destructive wiper attacks.

Palo Alto Networks' Unit 42 reports that Gamaredon (or Primitive Bear), a threat actor associated with Russia's FSB, has been active against an unnamed Western government "entity" in Ukraine. The campaign relied on phishing for its initial access. The FSB's attentions to Ukraine are nothing new, and are likely to continue. "Gamaredon has been targeting Ukrainian victims for almost a decade," Unit 42 concludes. "As international tensions surrounding Ukraine remain unresolved, Gamaredon’s operations are likely to continue to focus on Russian interests in the region." For further background on Gamaredon's recent activity, Unit 42 recommends the study Estonia's CERT-EE published early last week.

Researchers at Symantec have also observed recent attacks by Gamaredon (which they track as "Shuckworm"), and they cite Ukraine's SSU on attribution of the group to Russia's FSB. The researchers stated, "Symantec observed Shuckworm activity on an organization in Ukraine, which began on J[…] and continued until August 18, 2021. The attack chain began with a malicious document, likely sent via a phishing email, which was opened by the user of the infected machine."

Antlion targets Taiwanese financial organizations. Symantec researchers on Thursday released a report on the recent activities of Antlion, a Chinese government-directed advanced persistent threat that's been working against financial services in Taiwan over the past eighteen months. Its attacks are marked by the installation of the xPack backdoor. The goal of the operation is espionage, and Symantec thinks the duration of Antlion's persistence in compromised networks is "notable." It's been able to spend months inside its targets, giving it ample time to survey and collect information.