aka APT33 Hackers Attacked 50 Organizations by Launching a Variety of Malware & Free Hacking Tools

Relentless espionage Group also called as aka APT33 (Elfin) targeting various organization in Saudi Arabia and United States by deploying a variety of malware in their network.

Aka APT33 group specifically targeting corporate networks and it compromised around 50 organizations in different countries since 2015.

Cybercriminals scanning the vulnerable websites of a specific target, later used for either command and control server or malware attacks if the website will be compromised successfully.

so far attackers compromised the wide range of targets including, governments along with organizations in the research, chemical, engineering, manufacturing, consulting, finance, telecoms, and several other sectors.

Aka APT33 group mainly focused on Saudi Arabia, with the 42% of attack since 2016 and its compromised 18 organization in the U.S alone over the past three years.

In this case, Elfin targeted organization including engineering, chemical, research, energy consultancy, finance, IT, and healthcare sectors in the U.S alone.

Exploiting the Vulnerabilities

A very recent campaign, Elfin hackers performed various attempt to exploit the WinRAR vulnerability, and it was mainly used against one target in the chemical sector in Saudi Arabia.

In this case, successfully exploited this vulnerability allow attackers take the complete control of vulnerable windows computer and install any file on the system.

Attackers send spear phishing emails to the target and attempt to exploit this WinRAR vulnerability.

Open-source hacking Tools & Custom Malware

During the attack, Elfin Use the variety of open source hacking tools, custom malware, commodity malware to compromise the different target.

In this custom malware family includes Notestuk (Backdoor.Notestuk) , a malware to open the backdoor and gathering the information, Stonedrill(Trojan.Stonedrill) , a custom malware capable of opening a backdoor on an infected computer and downloading additional files.

Elfin APT also makes frequent use of a number of publicly available hacking tools, including:

  • LaZagne (SecurityRisk.LaZagne): A login/password retrieval tool
  • Mimikatz (Hacktool.Mimikatz): Tool designed to steal credentials
  • Gpppassword: Tool used to obtain and decrypt Group Policy Preferences (GPP) passwords
  • SniffPass (SniffPass): Tool designed to steal passwords by sniffing network traffic

Also, many commodity malware tools were used for these attacks and themalware available for purchase on the cyber underground. including,

Learn: Malware Analysis – Advance Malware Analyst Bundle Course

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Dell Wyse Management Suite Vulnerabilities Let Attackers Exploit Affected Systems Remotely

Dell Technologies has released a security update for its Wyse Management Suite (WMS) to address…

5 minutes ago

CISA Details Red Team Assessment Including TTPs & Network Defense

The Cybersecurity and Infrastructure Security Agency (CISA) recently detailed findings from a Red Team Assessment…

13 minutes ago

IBM Workload Scheduler Vulnerability Stores User Credentials in Plain Text

IBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler…

38 minutes ago

Multiple Flaws With Android & Google Pixel Devices Let Attackers Elevate Privileges

Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions of…

51 minutes ago

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

16 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

17 hours ago