A summary of the latest reported activity of the APT31 threat group, which is believed to be targeting Russian companies via cloud storage services, including companies that provide security services for the energy sector.
REFERENCE: https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt31-cloud-attacks/
ADVERSARY: APT31
TARGETED COUNTRY: Russian Federation
MALWARE FAMILY: YaRAT
ATT&CK IDS:
T1204 - User Execution
T1566 - Phishing
T1587.001 - Develop Capabilities: Malware
T1587.002 - Develop Capabilities: Code Signing Certificates
T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T1574 - Hijack Execution Flow
T1140 - Deobfuscate/Decode Files or Information
T1036 - Masquerading
T1112 - Modify Registry
T1027 - Obfuscated Files or Information
T1560 - Archive Collected Data
T1001 - Data Obfuscation
T1095 - Non-Application Layer Protocol
T1573.001 - Encrypted Channel: Symmetric Cryptography
T1132.001 - Data Encoding: Standard Encoding
T1132.002 - Data Encoding: Non-Standard Encoding
T1102 - Web Service
T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel