Threat Intelligence
Asia subjected to new cyberespionage campaigns
Suspected Southeast Asian threat operation UNG0002 has been targeting organizations in various sectors across China, Hong Kong, and Pakistan as part of two key attack campaigns that commenced last May, The Hacker News reports.
Intrusions that were part of Operation Cobalt Whisper, which ran between May and September 2024, involved spear-phishing emails with ZIP archives that distributed Cobalt Strike beacons, LNK files and Visual Basic scripts, and a post-exploitation framework, according to an analysis from Seqrite Labs. Spear-phishing emails were also used to distribute malicious LNK files that inject the Blister DLL loader and INET RAT as part of Operation AmberMist, which took place between January and May, said researchers, who also noted the impersonation of Pakistan's Ministry of Maritime Affairs to trigger Shadow RAT-executing PowerShell commands. "The group demonstrates high adaptability and technical proficiency, continuously evolving their toolset while maintaining consistent tactics, techniques, and procedures," said Seqrite Labs researcher Subhajeet Singha.