CyberSecurity updates
2024-12-26 20:11:17 Pacfic

Secret Blizzard Espionage Campaign Targeting Storm-0156 - 21d
Read more: www.microsoft.com

Microsoft and Lumen's Black Lotus Labs have revealed a significant cyber espionage campaign conducted by the Russian state-sponsored group Secret Blizzard. This campaign involved the hijacking of the infrastructure belonging to the Pakistan-based Storm-0156 hacking group (also known as SideCopy, Transparent Tribe, or APT36). Secret Blizzard gained access to at least 33 of Storm-0156's command-and-control servers, using this access to install backdoors, collect intelligence, and compromise target devices in South Asia, specifically targeting Afghan and Indian networks. The operation highlights Secret Blizzard's sophisticated techniques, demonstrating their ability to leverage the resources of other groups for their malicious activities.

Secret Blizzard's actions included deploying malware such as TwoDash and Statuezy, which were used to collect data from Afghan government networks. This sophisticated operation, spanning from late 2022 to mid-2023, also involved the exploitation of existing Storm-0156 backdoors, like CrimsonRAT, to access further data from Indian military targets. This isn't an isolated incident; Secret Blizzard has a history of exploiting other threat actors' infrastructure, demonstrating a concerning pattern of leveraging pre-existing access for their espionage operations. This highlights the increasing complexity of cyber threats and the need for enhanced cybersecurity measures.