Attacks by both hacking operations mostly involved malicious emails asking targets to review a purportedly encrypted PDF attachment, which requests the target's password and two-factor authentication code to facilitate email access and online storage compromise.
Intrusions aimed at exfiltrating credentials from nearly a dozen former and current U.S. officials and people associated with the campaigns of former President Donald Trump and President Joe Biden were conducted by APT42 between May and June.
Such a loss stemmed from unknown attackers luring a non-executive employee into conducting several outbound wire transfers to accounts they controlled, said Orion in a filing with the Securities and Exchange Commission.
By giving users specific feedback on recent attacks and offering interactive forums, companies can keep their staff up to speed on the latest threats.
Intrusions commenced with the delivery of phishing emails with RAR archives deploying a backdoor that facilitated the injection of the APT31-linked GrewApacha trojan, as well as a new version of the CloudSorcerer malware that bypasses detection through VMProtect.