Good game, well played: an overview of gaming-related cyberthreats in 2022

SecureList

Its main stealer functionality involves extracting data such as passwords, cookies, card details, and autofill data from browsers, cryptocurrency wallet secrets, credentials for VPN services, etc. The stolen information is then sent to a remote C&C server controlled by the attackers, who later drain victims’ accounts.

Mobile 103

APT trends report Q3 2022

SecureList

It provides victims with a VPN connection that can be used to browse these resources. We have been tracking this threat actor for several years and previously published an APT threat report describing its malicious operations. SandStrike is distributed as a means to access resources about the Bahá’í Final thoughts.

Malware 142

APT trends report Q1 2021

SecureList

The attackers used vulnerabilities in an SSL-VPN product to deploy a multi-layered loader we dubbed Ecipekac (aka DESLoader, SigLoader and HEAVYHAND). On January 25, the Google Threat Analysis Group (TAG) announced that a North Korean-related threat actor had targeted security researchers. Final thoughts.

Malware 142