Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

This hacking group has been attacking thousands of organizations worldwide

Hacker Dark Web

Cybersecurity researchers from ESET recently discovered a relatively new hacking group that’s been very successful in targeting organizations worldwide. 

The group is called Asylum Ambuscade, and its endgame remains a mystery to the researchers. According to BleepingComputer, it has been active all over the world, but mostly in the West, for the last three years. 

It uses a wide variety of tools, including the Sunseed malware, Akhbot, and Nodebot, which allow the team to engage in all kinds of malicious activities, including grabbing screenshots, stealing passwords stored in popular internet browsers, deploying Cobalt Strike loaders, running a keylogger, and more.

Malicious Google Ads

In short, the group’s abilities range from cybercrime to espionage. 

Their targets are also quite diverse, and include bank customers, cryptocurrency investors and traders, government agencies and employees, as well as small and medium-sized businesses (SMB). 

The attacks usually start with a phishing email, which carries a malicious script. That script downloads the Sunseed malware, after which the group decides which additional payloads to deliver, depending on the target’s endpoints.

In some instances, the researchers found the group created Google Ads which redirected users to sites with malicious JavaScript code.

The group also seems to be quite successful. ESET’s researchers started tracking its activity in January last year, and since then it identified roughly 4,500 victims, which means the group targeted 265 organizations and entities every month. 

The biggest mystery remains the group’s motives. With a wide range of tools, capable of engaging in all sorts of cybercrime, as well as a diverse list of victims, the researchers can’t exactly pinpoint what the group is trying to achieve. One theory suggests the group is just selling access and information to other threat actors, hence the diversified approach.

Via: BleepingComputer

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.