Cybercrime group Asylum Ambuscade, which has targeted over 4,500 victims around the world since January 2022, has expanded its operations to include cyberespionage attacks against European and Central Asian governments, having previously focused mostly on North American banks, businesses, and cryptocurrency firms, reports The Record, a news site by cybersecurity firm Recorded Future.
According to an ESET report, Asylum Ambuscade's cyberespionage attacks have mostly targeted several European nations surrounding Ukraine. The attacks use spearphishing emails with malicious attachments to distribute the AHKBOT malware, which is capable of password and file exfiltration, screenshot capture, and keystroke monitoring. Asylum Ambuscade was also observed to have leveraged the Follina vulnerability in its attacks.
"It appears Asylum Ambuscade is branching out, running some recent cyberespionage campaigns on the side, against governments in Central Asia and Europe from time to time. It is quite unusual to catch a cybercrime group running dedicated cyberespionage operations, and as such we believe that researchers should keep close track of its activities," said ESET researcher Matthieu Faou.