SAS 2021: Operation Software Concepts
2021-10-12 18:00:04 Author: securelist.com(查看原文) 阅读量:26 收藏

APT reports

APT reports

minute read

During the ‘Operation Software Concepts: A Beautiful Envelope for Wrapping Weapon‘ talk on SAS-at-Home 2021, Rintaro Koike, Shogo Hayashi and Ryuichi Tanabe from NTT Security (Japan) will cover a new APT campaign named Operation Software Concepts. They will share details about this multi-stage attack campaign targeting Russian and Mongolian governments and defense sector with droppers, RAT and other malware. The researches will also show some connections between the campaign and various APT groups, such as APT31, Tonto and Mofang.

Reports

Experts from NTT Security (Japan) will cover a new APT named Operation Software Concepts. They will share details about this multi-stage attack campaign targeting government and defense sector.

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by DarkHalo APT and target overlaps with Kazuar.

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.


文章来源: https://securelist.com/sas-2021-operation-software-concepts/104504/
如有侵权请联系:admin#unsafe.sh