The financially motivated threat gang, referred to as UNC2529, is targeting many organizations in the US and other countries. The group shows professional and experienced coding of their malware and custom lures.
In two distinct waves of attacks at the end of 2020, the group employed three new malware families. The malware families are tracked as:
The phishing messages include links to a malicious website that serves the malware. The targeted organizations are mainly in the business, healthcare, retail, and engineering and manufacturing sectors. In some attacks, weaponized Excel documents are used as a downloader.
The attackers made extensive use of fileless malware and obfuscation to evade detection, and the backdoors employed in the attacks are very sophisticated.
“UNC2529 is assessed as capable, professional, and well resourced. The identified wide-ranging targets, across geography and industry, suggest a financial crime motive,” concludes the report, which also includes indicators of compromise and other technical indicators for the attacks.