Stormsec

APT31 renews its attacks on Russian companies through cloud storage

A guide to the latest developments in the fight against cyber-thieves APT31, who are believed to be targeting Russian companies through cloud storage, as well as providing security services for the energy sector.




ADVERSARY: APT31


TARGETED COUNTRY: Russian Federation


MALWARE FAMILY: YaRAT


ATT&CK IDS: T1204 - User Execution, T1566 - Phishing, T1587.001 - Malware, T1587.002 - Code Signing Certificates, T1547.001 - Registry Run Keys / Startup Folder, T1574 - Hijack Execution Flow, T1140 - Deobfuscate/Decode Files or Information, T1036 - Masquerading, T1112 - Modify Registry, T1027 - Obfuscated Files or Information, T1560 - Archive Collected Data, T1001 - Data Obfuscation, T1095 - Non-Application Layer Protocol, T1573.001 - Symmetric Cryptography, T1132.001 - Standard Encoding, T1132.002 - Non-Standard Encoding, T1102 - Web Service, T1020 - Automated Exfiltration, T1041 - Exfiltration Over C2 Channel

