CyberSecurity news
Microsoft Threat Intelligence@Microsoft Security Blog
Microsoft and Lumen's Black Lotus Labs have revealed a significant cyber espionage campaign conducted by the Russian state-sponsored group Secret Blizzard. The campaign involved hijacking infrastructure belonging to the Pakistan-based hacking group Storm-0156 (also known as SideCopy, Transparent Tribe, or APT36). Secret Blizzard gained access to at least 33 of Storm-0156's command-and-control servers and used that access to install backdoors, collect intelligence, and compromise target devices in South Asia, specifically on Afghan and Indian networks. The operation demonstrates Secret Blizzard's ability to repurpose another group's resources for its own espionage.
Secret Blizzard's actions included deploying malware such as TwoDash and Statuezy, which were used to collect data from Afghan government networks. The operation, spanning from late 2022 to mid-2023, also involved using existing Storm-0156 backdoors, such as CrimsonRAT, to access further data from Indian military targets. This is not an isolated incident: Secret Blizzard has a history of exploiting other threat actors' infrastructure, a recurring pattern of building on pre-existing access for its espionage operations. For defenders, it means that a compromise by one group can become a foothold for another, which makes timely detection and removal of any C2 access on a network, not just the original intruder's, all the more important.
References:
- CyberInsider: Russia's Secret Blizzard Hacked Rival Hackers' Networks for Espionage
- securityaffairs.com: Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors
- Microsoft Security Blog: Microsoft's report on Secret Blizzard's activities
- Virus Bulletin: Microsoft researchers discuss how Secret Blizzard has used the Storm-0156 (overlaps with SideCopy, Transparent Tribe and APT36) infrastructure to install backdoors and collect intelligence on targets of interest in South Asia
- Cyber Security News: Report about Secret Blizzard stealing data from rival networks
- malware.news: Analysis of Secret Blizzard's campaign
- therecord.media: Russian state hackers hijacked rival servers to spy on targets in India, Afghanistan
- CyberScoop: Russia-linked Turla caught using Pakistani APT infrastructure for espionage
- gbhackers.com: Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication
- blog.lumen.com: Report detailing Secret Blizzard's operation, highlighting their exploitation of Storm-0156's infrastructure
- malware.news: Ukrainian defense firms subjected to suspected Russian cyberespionage campaign
- malware.news: Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine
- PCMag: A group known as Secret Blizzard, which has ties to Russia's Federal Security Service, is targeting Ukraine's military with the goal of swiping PDFs, emails, documents, and other data
- www.pcmag.com: Russia attacks Ukraine with malware using other hackers' backdoors
- securityaffairs.com: SecurityAffairs report on Secret Blizzard targeting Ukraine with Kazuar backdoor