Some hints suggest the group has been successful enough to have recently expanded its operations, perhaps after proving its effectiveness and the value of the data stolen.
This is quite worrying, especially given that no zero-days or advanced techniques were used against such high-profile targets.
Targets
Government entities
Artefacts/Attribution
Likely operating from India.
Description
A threat actor targeting a variety of high-profile diplomatic and economic entities. They use a custom toolkit to deliver malware capable of stealing files and data. The victims are typically reached via spear-phishing or watering hole attacks.
Mitigation is where enterprises need to start: prevention is significantly more effective and more cost-efficient than remediation after an attack.