Operation(loyalty) mercenary: a torrent of steel trapped in the plains of Eastern Europe
- Stormsec
- Aug 19, 2022
Qi Anxin Threat Intelligence Center has been closely tracking Russian-speaking threat actors and active underground forums. Recently, we observed that over the past six months the world-famous Conti Group has used Exchange vulnerabilities to launch targeted attacks against venture capital companies, luxury goods companies, chip manufacturing companies, and foreign companies and joint ventures in the manufacturing industry. These victims share a common feature: they are "rich".
ADVERSARY: Conti
MALWARE FAMILIES: Conti, HackTool:Win64/CobaltStrike
ATT&CK IDS: T1471 - Data Encrypted for Impact, T1059.001 - PowerShell, T1003 - OS Credential Dumping