NSHC Threat Research Lab Reports on Cyber Threat Actor Activities

Quick take - The NSHC Threat Research Lab’s report details the activities of 47 identified Threat Actor groups from August 21 to September 20, 2024, highlighting their primary targets in the finance and government sectors, with a significant focus on North America and East Asia, and providing insights into their tactics and methods.

Fast Facts

  • The NSHC Threat Research Lab identified 47 Threat Actor Groups active from August 21 to September 20, 2024, with SectorA groups responsible for 46% of activities, primarily targeting finance and government sectors.
  • North America and East Asia experienced the highest frequency of cyberattacks, with various groups employing tactics like spear-phishing, malware distribution, and exploiting vulnerabilities.
  • Notable activities included SectorA groups using recruitment tactics and malicious files, while SectorB groups targeted government institutions using backdoor malware and spear-phishing.
  • SectorC and SectorD groups engaged in watering hole attacks, information theft, and ransomware, with specific focus on U.S. industries and government systems.
  • The report provides detailed events, Indicators of Compromise (IoCs), and recommendations for NSHC ThreatRecon customers, highlighting the diverse methods used by 18 Cyber Crime groups focused on financial gain.

NSHC Threat Research Lab Report

The NSHC Threat Research Lab has released a detailed report analyzing the activities of various Threat Actor groups from August 21, 2024, to September 20, 2024. During this period, 47 Threat Actor Groups were identified, with SectorA groups responsible for 46% of the activities. The finance and government sectors were the primary targets of these cyberattacks, with North America and East Asia experiencing the highest frequency of hacking incidents.

Sector Analysis

SectorA

In SectorA, six active hacking groups were identified:

  • SectorA01: Operated in Japan, the Netherlands, Canada, and the United States, using recruitment tactics to spread malicious files.
  • SectorA03: Active in Hong Kong and Germany, utilizing DLL malware with encryption to gather system information.
  • SectorA04: Targeted Italy and Colombia, distributing malicious PDF files disguised as recruitment materials.
  • SectorA05: Focused on the United States and other nations, using Windows shortcut malware disguised as policy proposals.
  • SectorA06: Targeted macOS users in Austria, distributing Mach-O malware disguised as Discord applications.
  • SectorA07: Engaged in spear-phishing campaigns in the United States and South Korea, impersonating legitimate customer service communications.

The aim of SectorA groups was to collect information on South Korean government activities and secure financial resources globally.

SectorB

In SectorB, eight groups were identified:

  • SectorB01: Used multiplatform backdoor malware across several countries.
  • SectorB08: Targeted Middle Eastern government agencies, distributing web shells and backdoor malware.
  • SectorB22: Focused on government institutions in the Asia-Pacific region, employing removable drives and spear-phishing tactics for access.
  • SectorB62: Targeted Southeast Asian government agencies, utilizing open-source tools.
  • SectorB72: Exploited vulnerabilities in Microsoft Exchange Server, accessing government institutions in Germany.
  • SectorB79: Targeted military and telecommunications sectors in Southeast Asia, using multilayered Botnet malware.
  • SectorB100: Exploited Cisco NX-OS vulnerabilities for malware distribution.
  • SectorB103: Aimed at government institutions and telecommunications, using OSGeo GeoServer vulnerabilities.

SectorC and Beyond

In SectorC, four hacking groups were identified:

  • SectorC04: Conducted watering hole attacks in the United States, exploiting vulnerabilities in iOS and Google Chrome.
  • SectorC08: Deployed HTML malware in Ukraine, executing obfuscated code.
  • SectorC15: Targeted key industries in the United States, using malware designed for information theft and system destruction.
  • SectorC22: Created phishing websites disguised as secure email services to collect credentials.

In SectorD, five groups were recognized, including:

  • SectorD01: Utilized government email accounts for command and control operations in Iraq and Pakistan.
  • SectorD02: Employed spear-phishing tactics in Israel to gain control over targeted systems.
  • SectorD12: Distributed malware disguised as PDF documents, targeting the United States and UAE.
  • SectorD16: Exploited vulnerabilities in network devices, carrying out ransomware attacks.
  • SectorD28: Accessed systems via web shells, facilitating further malicious activities in various countries.

In SectorE, two groups were noted:

  • SectorE01: Employed spear-phishing with compressed files across multiple countries to control systems and steal data.
  • SectorE05: Distributed malicious Windows help files in China, enabling future attacks.

In SectorF, one group was identified:

  • SectorF01: Operated in Vietnam and Japan, targeting a non-profit organization for information theft.

In SectorH, one group was identified:

  • SectorH03: Active in Japan, India, and the UAE, using malicious Linux files disguised as cybersecurity documents.

In SectorS, one group was noted:

  • SectorS01: Targeted the insurance sector in Colombia, employing spear-phishing with ZIP files for data theft.

In SectorT, one group was identified:

  • SectorT01: Active in Germany, utilizing Excel file malware disguised as Ministry of Defense contact information.

Cyber Crime Overview

In the Cyber Crime category, 18 groups were recognized, primarily focusing on information theft for financial gain. They employed various malware and attack methods, including phishing, ransomware deployment, and exploitation of web application vulnerabilities. Specific tactics included formjacking, brute-force attacks, and the use of stealer malware.

The full report contains detailed events, Indicators of Compromise (IoCs), and tailored recommendations for NSHC ThreatRecon customers.