Bread Crumbs of Threat Actors (Feb 13 – 26, 2023)

March 10, 2023 | NSFOCUS

From 13 to 26 February 2023, NSFOCUS Security Labs found activity clues from 66 APT groups, one malware family (CoinMiner), and 426 threat actors targeting critical infrastructure.

APT Groups

Among the 66 APT groups discovered, APT28 affected the largest number of hosts from 13 to 26 February.

Number of hosts affected by APT groups from February 13 to February 26, 2023

Threat Actors Targeting Critical Infrastructure

A total of 426 threat actors targeting critical infrastructure remained active in this period.

Distribution of activities by activity type from February 13 to February 26, 2023

Number of threat actors by target industry from February 13 to February 26, 2023

Knowledge Graphs of Highlighted APT Groups

APT28

First Discovery Time: 2020-11-13 07:38:40

Alias: Sofacy, Pawn Storm, Fancy Bear, Sednit, SNAKEMACKEREL, TsarTeam, Tsar Team, TG-4127, Group-4127, STRONTIUM, TAG_0700, Swallowtail, IRON TWILIGHT, Group 74, SIG40, Grizzly Steppe, apt_sofacy.

Description: APT28 is a well-known cyber espionage group. Some researchers attribute it to the GRU of the Russian Federation. APT28 is also known as Sofacy Group and STRONTIUM; its main targets are aviation, national defense, government agencies and international organizations.

Geolocation of Threat Actor: Russia

The Diamond model of APT28

APT37

First Discovery Time: 2018-12-10 16:00:00

Description: APT37 has likely been active since at least 2012 and primarily targets the public and private sectors in South Korea. In 2017, APT37 expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a broader range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities.

Geolocation of Threat Actor: North Korea

The Diamond model of APT37

MK-CC-26

First Discovery Time: 2022-05-19 11:49:41

Description: MK-CC-26 is an APT group that uses the Cobalt Strike toolkit.

The Diamond model of APT Group MK-CC-26

About NSFOCUS Security Labs

NSFOCUS Security Labs (NSL) is an internationally recognized cybersecurity research and threat response center at the forefront of vulnerability assessment, threat hunting and mitigation research.