Espionage Group Aka Apt33 Targeting Various Organization in Saudi Arabia and US by Deploying A Variety of Malware In Their Network

Espionage Group Aka Apt33 Targeting Various Organization in Saudi Arabia and US by Deploying A Variety of Malware In Their Network

An unceasing surveillance group otherwise known as APT33
group (Elfin) known for explicitly targeting on corporate networks has now set its
sights by focusing on various organizations in Saudi Arabia and US by sending
an assortment of malware in their system.
The hacker group which has reportedly compromised around 50
organizations in various countries since 2015, so far its attackers have
bargained a wide range of targets including, governments alongside associations
in the research, chemical, engineering, manufacturing, consulting, finance,
telecoms, and several other sectors.
The cybercriminals scan the defenseless sites of a
particular target and later use it for either command and control server or
malware attacks if the site will be undermined effectively.

In spite of the fact that the gathering fundamentally
focused on Saudi Arabia, with the 42% of attacks since 2016 and it’s
compromised 18 organizations in the U.S alone in the course of recent years.

 In
any case, for this situation, Elfin focused on organization including
engineering, chemical, research, energy consultancy, finance, IT, and
healthcare sectors in the U.S alone.
Amid the attack, Elfin is said to have used an assortment of
open source hacking instruments, custom malware, and commodity malware to
compromise the diverse targets.

Elfin Adept utilizes various openly accessible hacking
instruments, including:

  • LaZagne (SecurityRisk.LaZagne): A login/password retrieval
    tool
  • Mimikatz (Hacktool.Mimikatz): Tool designed to steal
    credentials
  • Gpppassword: Tool used to obtain and decrypt Group Policy
    Preferences (GPP) passwords
  • SniffPass (SniffPass): Tool designed to steal passwords by
    sniffing network traffic

Additionally, numerous commodity malware tools were utilized
for these attacks and the malware accessible for purchase on the digital
underground including:

  • DarkComet (Backdoor.Breut)
  • Quasar RAT (Trojan.Quasar)
  • NanoCore (Trojan.Nancrat)
  • Pupy RAT (Backdoor.Patpoopy)
  • NetWeird (Trojan.Netweird.B)

Other than these, the custom malware family incorporates
Notestuk (Backdoor.Notestuk), a malware in order to access the backdoor and
assembling the data, Stonedrill (Trojan.Stonedrill), a custom malware equipped
for opening a secondary passage on an infected PC and downloading the
additional records.

Leave a Reply

Your email address will not be published. Required fields are marked *