Severity
High
Analysis Summary
A long-running cyber-espionage campaign conducted by China-linked state-sponsored hackers is targeting Russia-based defense research institutes and another entity in Belarus. The targeted institutes belong to Rostec Corporation, a Russian state-owned defense conglomerate and Russia's largest holding company in the radio-electronics industry. These institutes are responsible for the development of electronic warfare systems, military-specialized onboard radio-electronic equipment, air-based radar stations, and means of state identification.
According to researchers, these campaigns are attributed to an APT group tracked as "Twisted Panda," with connections to another Chinese state-backed hacker group, Stone Panda (aka APT10). The hackers employ previously unseen tooling, including a complex multi-layered loader and a backdoor known as SPINNER. On March 23, several Russian defense research institutions received phishing emails with the subject "List of individuals under US sanctions for invading Ukraine." The emails linked to a fake Russian Health Ministry website, minzdravros[.]com.
On the same day, an email with the subject "US Spread of Deadly Pathogens in Belarus" was sent to an unknown entity in Minsk, Belarus. The documents attached to this email are designed to look like official documents, bearing the official emblems and titles of the Russian Ministry of Health.
The evolution of the tools and techniques over this period shows that the campaign's operators are committed to achieving their aims covertly.
Impact
- Information Theft and Espionage
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 3855dc19811715e15d9775a42b1a6c55
SHA-256
- defd44e440403033f9a0f222439c2b6a2bd670817dd483ad1bbae11c30e81034
SHA-1
- 388a1481b7887ebf56de26717c3ddabd6c447442
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links or attachments sent by unknown senders.
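The "search for IOCs in your environment" step above can be automated. The following Python script is an added example written for this advisory, not Rewterz tooling: it computes MD5, SHA-1 and SHA-256 of every file under a directory in a single pass and reports any match against the hashes listed above, and it refangs the published domain (minzdravros[.]com) so it can be matched against resolver logs, including subdomains. The DNS log format, file names and the stand-in sample file are constructed for the demonstration; the real malicious sample is not reproduced here, so `demo_scan` adds the hash of a constructed file to the IOC set purely to show what a hit looks like.

```python
"""Hash-based IOC sweep and defanged-domain log matching (added example)."""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Indicators taken from the advisory above.
IOC_HASHES = {
    "md5": {"3855dc19811715e15d9775a42b1a6c55"},
    "sha1": {"388a1481b7887ebf56de26717c3ddabd6c447442"},
    "sha256": {"defd44e440403033f9a0f222439c2b6a2bd670817dd483ad1bbae11c30e81034"},
}
IOC_DOMAINS = {"minzdravros[.]com"}  # defanged, as published


def refang(indicator: str) -> str:
    """Undo common defanging so the indicator can be compared with live log data."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower()


def hash_file(path: Path) -> dict:
    """Compute MD5, SHA-1 and SHA-256 of a file in one streaming pass."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def scan_directory(root: Path, iocs: dict = IOC_HASHES) -> list:
    """Walk root and return (path, algorithm, digest) for every file whose hash is an IOC."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            for algo, value in digests.items():
                if value in iocs.get(algo, set()):
                    hits.append((str(path), algo, value))
    return hits


# Constructed resolver log format: "... query=<name> ..." (assumption, not a real product format).
QUERY_RE = re.compile(r"query=(?P<name>\S+)")


def match_dns_log(lines, domains=IOC_DOMAINS) -> list:
    """Return log lines whose queried name is an IOC domain or a subdomain of one."""
    bad = {refang(d) for d in domains}
    matches = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        name = m.group("name").rstrip(".").lower()
        if any(name == d or name.endswith("." + d) for d in bad):
            matches.append(line)
    return matches


def demo_scan() -> list:
    """Constructed demonstration: a benign file plus a stand-in file whose SHA-256 is
    added to the IOC set so a hit is produced (the real sample is not available here)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "readme.txt").write_bytes(b"benign content\n")
        sample = root / "sanctions_list.doc"  # constructed name, not the real lure
        sample.write_bytes(b"constructed stand-in for the malicious lure\n")
        iocs = {k: set(v) for k, v in IOC_HASHES.items()}
        iocs["sha256"].add(hash_file(sample)["sha256"])
        return scan_directory(root, iocs)


# Constructed DNS resolver log lines (not from any real environment).
SAMPLE_DNS_LOG = [
    "2022-05-19T09:12:01Z client=10.0.0.5 query=update.microsoft.com. type=A",
    "2022-05-19T09:12:07Z client=10.0.0.9 query=minzdravros.com. type=A",
    "2022-05-19T09:12:08Z client=10.0.0.9 query=www.minzdravros.com. type=A",
    "2022-05-19T09:12:15Z client=10.0.0.5 query=notminzdravros.com. type=A",
]

if __name__ == "__main__":
    for hit in demo_scan():
        print("file hit:", hit)
    for line in match_dns_log(SAMPLE_DNS_LOG):
        print("dns hit:", line)
```

Run `scan_directory(Path("/path/to/sweep"))` with the default IOC set for a real sweep; the subdomain check in `match_dns_log` is deliberate, since `notminzdravros.com` must not match while `www.minzdravros.com` must.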