Operation North Star Campaign

2020-07-29 • Mcafee •

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-defenders-blog-operation-north-star-campaign/

#NorthStar #T1082 #T1027 #T1566.002 #T1566.003 #T1204 #T1566.001 #T1059 #T1129 #T1218 #T1087 #T1547 #T1573 #T1033 #T1221

McAfee’s defensive guidance ties Operation North Star to targeted malicious job-posting documents against aerospace and defense interests during 2020. The excerpt says the campaign used spear-phishing attachments or vulnerability exploitation for initial access, weaponized documents and remote template files, legitimate Windows tools and signed binaries, registry or Startup-folder persistence, and encoded command-and-control traffic. McAfee frames the case as a priority for SOC teams because COVID-era remote work expanded the phishing attack surface and because the activity reuses techniques seen in earlier 2017 and 2019 campaigns while changing implants, infrastructure, and lures.

Related Reports

2020-08-26 • 44% Match

FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks

USCISA

#BeagleBoyz #FASTCash2 #T1082 #T1119 #T1090 #T1140 #T1005 #T1070.004 #T1041 #T1113 #T1020 #T1560 #T1115 #T1083 #T1036 #T1027 #T1071 #T1548.003 #T1204 #T1057 #T1059.005 #T1518.001 #T1566.001 #T1547.001 #T1059.001 #T1053 #T1132.001 #T1102 #T1059 #T1199 #T1105 #T1219 #T1055 #T1553.002 #T1552.004 #T1562.001 #T1486 #T1129 #T1489 #T1078 #T1133 #T1053.003 #T1190 #T1203 #T1189 #T1049 #T1098 #T1087 #T1016 #T1070.006 #T1021.001 #T1574.001 #T1217 #T1106 #T1573 #T1095 #T1056 #T1010 #T1021.002 #T1033 #T1569.002 #T1543.003 #T1485 #T1012 #T1110 #T1561.002 #T1202 #T1070.003 #T1565.001 #T1021 #T1505.003 #T1027.005 #T1056.004 #T1218.001 #T1562.003 #T1014 #T1053.004 #T1101 #T1565.002 #T1565.003 #T1562.006

Shares tags: T1082, T1027, T1204 • Published within a month

2020-07-29 • 32% Match

Operation (노스 스타) North Star A Job Offer That’s Too Good to be True?

Mcafee

#NorthStar

Shares tag: NorthStar • Same author: Mcafee • Published within a week

2020-08-14 • 28% Match

Phishing Emails Used to Deploy KONNI Malware

USCISA

#Phishing #Konni #T1082 #T1059.003 #T1140 #T1070.004 #T1113 #T1071.001 #T1112 #T1115 #T1083 #T1056.001 #T1555.003 #T1057 #T1566.001 #T1547.001 #T1059.001 #T1036.005 #T1132.001 #T1105 #T1546.015 #T1016 #T1548.002 #T1218.011 #T1048.003 #T1134.002 #T1033 #T1547.009

Shares tags: T1082, T1566.001, T1033 • Published within a month

2020-07-16 • 28% Match

Mac cryptocurrency trading application rebranded, bundled with malware

ESET

#Cryptocurrency #GMERA #T1082 #T1005 #T1113 #T1083 #T1497 #T1204 #T1539 #T1059 #T1048 #T1043 #T1518 #T1040 #T1159 #T1139 #T1065 #T1116

Shares tags: T1082, T1204, T1059 • Published within a month

2022-04-29 • 26% Match

Cyber Threats 2021: A Year in Retrospect

PWC

#Trend #BlackBanshee #BlackAlicanto #T1082 #T1059.003 #T1090 #T1005 #T1070.004 #T1041 #T1113 #T1555 #T1560 #T1071.001 #T1112 #T1083 #T1204.001 #T1036 #T1027 #T1204.002 #T1071 #T1124 #T1204 #T1057 #T1059.005 #T1566.001 #T1547.001 #T1053.005 #T1132.001 #T1566 #T1059 #T1003 #T1105 #T1620 #T1486 #T1135 #T1078 #T1548 #T1190 #T1592 #T1049 #T1087 #T1589 #T1074.001 #T1591 #T1547 #T1068 #T1573 #T1095 #T1048 #T1608 #T1070 #T1056 #T1036.007 #T1614.001 #T1033 #T1110 #T1221 #T1132 #T1570 #T1021 #T1615 #T1482 #T1210 #T1069 #T1595 #T1039 #T1016.001

Shares tags: T1082, T1027, T1204

2017-05-31 • 26% Match

Lazarus Group

MITRE

#G0032 #T1082 #T1090 #T1140 #T1005 #T1041 #T1560 #T1046 #T1083 #T1497 #T1036 #T1027 #T1567 #T1071 #T1124 #T1204 #T1057 #T1053 #T1566 #T1102 #T1059 #T1001 #T1105 #T1055 #T1620 #T1543 #T1489 #T1078 #T1008 #T1571 #T1218 #T1220 #T1588 #T1203 #T1189 #T1049 #T1574 #T1098 #T1087 #T1593 #T1589 #T1016 #T1587 #T1591 #T1585 #T1583 #T1557 #T1547 #T1614 #T1106 #T1573 #T1048 #T1562 #T1608 #T1070 #T1047 #T1074 #T1134 #T1056 #T1529 #T1010 #T1553 #T1033 #T1485 #T1012 #T1110 #T1534 #T1104 #T1202 #T1221 #T1132 #T1021 #T1561 #T1564 #T1584 #T0865 #T1542 #T1491

Shares tags: T1082, T1027, T1204

« Back