Bread Crumbs of Threat Actors (Dec 5, 2022 – Dec 18, 2022)

December 26, 2022 | Adeline Zhang

From December 5, 2022 to December 18, 2022, NSFOCUS Security Labs identified activity traces of 66 APT groups, 3 malware families (MoonBounce Trojans, Razy Trojans and CoinMinder), and 509 threat actors targeting critical infrastructure.

APT Groups

Among the 66 discovered APT groups, APT28 affected the largest number of hosts from December 5 to December 18, 2022.

Number of hosts affected by APT groups from December 5, 2022 through December 18, 2022

Industries affected by APT groups from December 5, 2022 through December 18, 2022

Threat Actors Targeting Critical Infrastructure

A total of 509 threat actors targeting critical infrastructure remained active in this period.

Distribution of activities by activity type from December 5, 2022 through December 18, 2022

Number of threat actors by target industry from December 5, 2022 through December 18, 2022

Knowledge Graphs of Highlighted APT Groups

APT28

First Discovery Time: 2020-11-13 07:38:40

Description: APT28 is a well-known cyber espionage group. Some researchers believe this organization belongs to the GRU of the Russian Federation. APT28 is also known as Sofacy Group and STRONTIUM, and its main targets are aviation, national defense, government agencies and international organizations.

Geolocation of Threat Actor: Russia 

Diamond model of the APT28 (Dec 5 – 18, 2022)

ScarCruft

First Discovery Time: 2018-12-10 16:00:00

Description: ScarCruft is a relatively new APT group; victims have been observed in several countries, including Russia, Nepal, South Korea, India, Kuwait and Romania. The group has used spear-phishing attacks for profit. ScarCruft has exploited multiple vulnerabilities, including the zero-day vulnerability CVE-2016-0147, in attacks on Adobe Flash and Microsoft Internet Explorer.

Geolocation of Threat Actor: North Korea 

Diamond model of the APT group ScarCruft (Dec 5 – 18, 2022)

SideWinder

First Discovery Time: 2020-02-12 03:10:54

Description: An actor mainly targeting Pakistani military targets, active since at least 2012.

Geolocation of Threat Actor: India 

Diamond model of the APT group SideWinder (Dec 5 – 18, 2022)

About NSFOCUS Security Labs

NSFOCUS Security Labs (NSL) is an internationally recognized cybersecurity research and threat response center at the forefront of vulnerability assessment, threat hunting and mitigation research.