During our threat hunting research, we came across a GitHub repository owned by a member of the threat actor group. Due to an operational security (OpSec) failure of the threat actor, we were able to access a wealth of information about the malicious files used by this APT group, along with a timeline of their activities dating as far back as October 2020. This allowed us to gain more insight into this threat actor's previously undocumented attack vectors, motives, targets and the themes used. The large number of samples we identified through the attacker's GitHub repository are also not present on OSINT sources such as VirusTotal. Recently, Sekoia shared their findings on the toolset of APT37 here. In our blog, we disclose additional details that we found as a result of our in-depth investigation of the threat actor's GitHub repository.