← All Threat Actors
Threat Actor Profile

DarkHydrus

G0079 LazyMeerkat Obscure Serpens
▲ High Threat
In July 2018, Unit 42 analyzed a targeted attack using a novel file type against at least one government agency in the Middle East. It was carried out by a previously unpublished threat group we track as DarkHydrus. Based on our telemetry, we were able to uncover additional artifacts leading us to believe this adversary group has been in operation with their current playbook since early 2016. This attack diverged from previous attacks we observed from this group as it involved spear-phishing emails sent to targeted organizations with password protected RAR archive attachments that contained malicious Excel Web Query files (.iqy).
Origin

Known TTPs

Malicious File
Forced Authentication
Hidden Window
PowerShell
Spearphishing Attachment
Template Injection
Tool

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD