group (Elfin), known for targeting corporate networks, has now set its
sights on organizations in Saudi Arabia and the US, deploying an assortment
of malware on their systems.
organizations in various countries since 2015; so far the attackers have
compromised a wide range of targets, including governments as well as
organizations in the research, chemical, engineering, manufacturing,
consulting, finance, telecoms, and several other sectors.
particular target and, if the site is successfully compromised, later use it
either as a command-and-control server or to deliver malware.
Although the group has focused primarily on Saudi Arabia, which accounts for
42% of its attacks since 2016, it has also compromised 18 organizations in the
U.S. alone over the past few years.
any case, in this instance, Elfin targeted U.S. organizations in the
engineering, chemical, research, energy consultancy, finance, IT, and
healthcare sectors.
open-source hacking tools, custom malware, and commodity malware to
compromise its various targets.
Elfin makes use of a variety of publicly available hacking
- LaZagne (SecurityRisk.LaZagne): A login/password retrieval
- Mimikatz (Hacktool.Mimikatz): Tool designed to steal
- Gpppassword: Tool used to obtain and decrypt Group Policy
Preferences (GPP) passwords
- SniffPass (SniffPass): Tool designed to steal passwords by
sniffing network traffic
Additionally, a number of commodity malware tools were used in these attacks,
malware that is available for purchase on the digital
- DarkComet (Backdoor.Breut)
- Quasar RAT (Trojan.Quasar)
- NanoCore (Trojan.Nancrat)
- Pupy RAT (Backdoor.Patpoopy)
- NetWeird (Trojan.Netweird.B)
Notestuk (Backdoor.Notestuk), malware used to open a backdoor and gather
information, and Stonedrill (Trojan.Stonedrill), custom malware capable of
opening a backdoor on an infected computer and downloading the