In January 2022, Kaspersky ICS CERT experts detected a wave of targeted attacks on military-industrial complex enterprises and public institutions in several Eastern European countries and Afghanistan. In the course of the research, Kaspersky identified over a dozen attacked organizations. The attackers were able to penetrate dozens of enterprises and, in some cases, hijack the IT infrastructure outright, taking control of the systems used to manage security solutions.
ADVERSARY: TA428
MALWARE FAMILIES: Ladon, PortDoor, nccTrojan, Cotx, DNSep, Logtu, CotSam
ATT&CK IDS: T1560 - Archive Collected Data, T1041 - Exfiltration Over C2 Channel, T1203 - Exploitation for Client Execution, T1193 - Spearphishing Attachment (deprecated ID; now T1566.001), T1049 - System Network Connections Discovery, T1547 - Boot or Logon Autostart Execution, T1592 - Gather Victim Host Information, T1590 - Gather Victim Network Information, T1001 - Data Obfuscation, T1036 - Masquerading, T1038 - DLL Search Order Hijacking (deprecated ID; now T1574.001), T1055 - Process Injection, T1105 - Ingress Tool Transfer, T1210 - Exploitation of Remote Services, T1053 - Scheduled Task/Job, T1558.001 - Golden Ticket