2024-12-26 04:10:32 Pacfic
Secret Blizzard Espionage Campaign Targeting Storm-0156 - 20d
Microsoft and Lumen's Black Lotus Labs have revealed a significant cyber espionage campaign conducted by the Russian state-sponsored group Secret Blizzard. This campaign involved the hijacking of the infrastructure belonging to the Pakistan-based Storm-0156 hacking group (also known as SideCopy, Transparent Tribe, or APT36). Secret Blizzard gained access to at least 33 of Storm-0156's command-and-control servers, using this access to install backdoors, collect intelligence, and compromise target devices in South Asia, specifically targeting Afghan and Indian networks. The operation highlights Secret Blizzard's sophisticated techniques, demonstrating their ability to leverage the resources of other groups for their malicious activities.
Secret Blizzard's actions included deploying malware such as TwoDash and Statuezy, which were used to collect data from Afghan government networks. This sophisticated operation, spanning from late 2022 to mid-2023, also involved the exploitation of existing Storm-0156 backdoors, like CrimsonRAT, to access further data from Indian military targets. This isn't an isolated incident; Secret Blizzard has a history of exploiting other threat actors' infrastructure, demonstrating a concerning pattern of leveraging pre-existing access for their espionage operations. This highlights the increasing complexity of cyber threats and the need for enhanced cybersecurity measures.
ImgSrc: www.microsoft.com
References:
- CyberInsider - Russia’s Secret Blizzard Hacked Rival Hackers’ Networks for Espionage - 20d
- Security Affairs - Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors - 20d
- Microsoft Security Blog - Microsoft's report on Secret Blizzard's activities. - 20d
- @VirusBulletin - Microsoft researchers discuss how Secret Blizzard has used the Storm-0156 (overlaps with SideCopy, Transparent Tribe & APT36) infrastructure to install backdoors & collect intelligence on targets of i - 20d
- Cyber Security News - Report about Secret Blizzard stealing data from rival networks. - 20d
- Malware Analysis, News and Indicators - Analysis of Secret Blizzard's campaign - 20d
- Over Security - Russian state hackers hijacked rival servers to spy on targets in India, Afghanistan - 19d
- Threats - Russia-linked Turla caught using Pakistani APT infrastructure for espionage - 19d
- GBHackers Security - Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication - 19d
- blog.lumen.com - Report detailing Secret Blizzard's operation, highlighting their exploitation of Storm-0156's infrastructure. - 19d
- Malware Analysis, News and Indicators - Ukrainian defense firms subjected to suspected Russian cyberespionage campaign - 15d
Classification:
- HashTags: SecretBlizzard CyberEspionage APT36
- Company: Microsoft
- Target: Storm-0156
- Attacker: Secret Blizzard
- Product:
- Feature: espionage
- Type: Espionage
- Severity: Major