Researchers at security firm Mandiant have published a detailed analysis of the campaign, noting that at least fifty organizations were targeted in two separate waves in December 2020.
Of note is the fact that the attacks deployed three completely new malware strains into their victim’s computers with the help of tailored phishing lures.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
- We've assembled a list of the best endpoint protection software
- These are the best firewalls on the market
- Also check out our roundup of the best disaster recovery services
“Based on the considerable infrastructure employed, tailored phishing lures and the professionally coded sophistication of the malware, this threat actor appears experienced and well resourced,” say the researchers.
The researchers believe the threat actors behind the campaign employed considerable infrastructure to conduct the attacks, including the use of the about fifty domains to deliver the custom phishing emails.
It appears that while the campaign was global, a majority of the targets in both waves were in the US, though it also attacked organizations in EMEA (Europe, the Middle East, and Africa), Asia, and Australia regions.
The researchers note that the threat actors also invested time to tailor their attacks to make their phishing emails look as genuine messages from professionals their targets correspond with.
Mandiant also notes that the malware used in the campaign not only attempts to evade detection by deploying its payload in-memory whenever possible, it is also heavily obfuscated to hinder analysis.
“Although Mandiant has no evidence about the objectives of this threat actor, their broad targeting across industries and geographies is consistent with a targeting calculus most commonly seen among financially motivated groups,” conclude the researchers.
- Protect your devices with these best antivirus software