Researchers at security company Mandiant have published a detailed analysis of the campaign, pointing out that at least fifty organizations were targeted in two separate waves in December 2020.
Notably, the attacks delivered three completely new strains of malware to victims' computers through customized network spoofing.
“Based on the considerable infrastructure used, customized phishing topics, and the professionally coded sophistication of malware, this threat seems to be experienced and well-resourced,” the researchers say.
While the campaign appears to have been global, most of the targets in both waves were in the United States; it also attacked organizations in EMEA (Europe, the Middle East and Africa), Asia and Australia.
Investigators point out that the threat actors also took the time to tailor their attacks, making the phishing messages look like genuine professional messages that targets would respond to.
Mandiant also points out that the malware used in the campaign not only tries to evade detection by keeping its payload in memory whenever possible, it is also obfuscated to hinder analysis.
“While Mandiant has no evidence of the objectives of this threat, their broad targeting by industry and geographic areas is consistent with the targeting bill most commonly seen in economically motivated groups,” the researchers conclude.
Via BleepingComputer