The report for Q4 2024 highlights various hacker groups from different countries, including Russia, North Korea, China, and Iran, detailing their tactics and targets. Affected: UNC5812, Secret Blizzard, Evasive Panda, Salt Typhoon, OilRig, Charming Kitten
Key points:
- UNC5812 and Secret Blizzard are Russian hacker groups active in Q4 2024.
- UNC5812 used Windows and Android malware to target Ukrainian military personnel.
- Secret Blizzard, also known as Turla, targets foreign ministries and embassies globally.
- North Korean hackers were linked to ransomware attacks and to the first attack on a domestic virtual asset exchange (the underlying report is Korean, so "domestic" here means South Korean).
- Evasive Panda, a Chinese group, used a new toolset called CloudScout to steal data from cloud services.
- Salt Typhoon, another Chinese group, targeted commercial communication infrastructures.
- The Iranian groups OilRig and Charming Kitten used fake job websites as lures for their attacks.
MITRE Techniques:
- T1071.001 – Application Layer Protocol: Web Protocols: UNC5812's malware used web protocols for command-and-control communication.
- T1083 – File and Directory Discovery: Secret Blizzard used reconnaissance tools to enumerate files and directories on target systems.
- T1499 – Endpoint Denial of Service: the North Korean group caused disruptions to virtual asset exchanges.
- T1070.001 – Indicator Removal: Clear Windows Event Logs: Charming Kitten cleared logs to obscure its activity on compromised hosts.
- T1203 – Exploitation for Client Execution: OilRig exploited vulnerabilities in Microsoft Exchange servers (note that server-side exploitation of an exposed Exchange server is more commonly mapped to T1190, Exploit Public-Facing Application; T1203 covers exploitation triggered through a client application).
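As an added example (not part of the original report), the following Python snippet shows how a detection engineer might map Windows process-creation and log-clear telemetry onto two of the techniques listed above, T1083 (file and directory discovery) and T1070.001 (clearing Windows event logs). The event records are constructed for illustration; the field names `event_id` and `command_line` and the rule patterns are assumptions, not taken from the report.

```python
"""Map constructed Windows event records to ATT&CK techniques T1083 and T1070.001.

Added example, not code from the original report. The telemetry below is
constructed: event_id follows Windows Security log IDs (4688 = process
creation, 1102 = audit log cleared, 104 = System/Application log cleared).
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Hit:
    technique: str   # ATT&CK ID, e.g. "T1083"
    name: str        # ATT&CK technique name
    reason: str      # which rule fired and on what evidence


# Command lines that enumerate files/directories recursively (T1083).
# Assumed patterns: a real ruleset would be tuned to the environment.
DISCOVERY_PATTERNS = [
    re.compile(r"\bdir\b.*\s/s\b", re.IGNORECASE),           # dir /s ...
    re.compile(r"\btree\b", re.IGNORECASE),                  # tree
    re.compile(r"Get-ChildItem\b.*-Recurse", re.IGNORECASE), # Get-ChildItem -Recurse
    re.compile(r"\bgci\b.*-Recurse", re.IGNORECASE),         # gci -Recurse
]

# Command lines that clear Windows event logs (T1070.001).
LOG_CLEAR_PATTERNS = [
    re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b", re.IGNORECASE),
    re.compile(r"Clear-EventLog\b", re.IGNORECASE),
]

# Event IDs that Windows itself writes when a log is cleared.
LOG_CLEARED_EVENT_IDS = {1102: "Security log cleared", 104: "System/Application log cleared"}


def classify_event(event: dict) -> list[Hit]:
    """Return every technique a single event record maps to (may be empty)."""
    hits: list[Hit] = []
    event_id = event.get("event_id")
    cmd = event.get("command_line", "") or ""

    # Direct evidence: the OS logged the clear itself.
    if event_id in LOG_CLEARED_EVENT_IDS:
        hits.append(Hit("T1070.001", "Clear Windows Event Logs",
                        f"event id {event_id}: {LOG_CLEARED_EVENT_IDS[event_id]}"))

    # Indirect evidence: a process-creation record with a tell-tale command line.
    if event_id == 4688:
        for pat in LOG_CLEAR_PATTERNS:
            if pat.search(cmd):
                hits.append(Hit("T1070.001", "Clear Windows Event Logs",
                                f"command line matched {pat.pattern!r}"))
                break
        for pat in DISCOVERY_PATTERNS:
            if pat.search(cmd):
                hits.append(Hit("T1083", "File and Directory Discovery",
                                f"command line matched {pat.pattern!r}"))
                break
    return hits


def classify_events(events: list[dict]) -> list[Hit]:
    """Run classify_event over a batch and flatten the results."""
    return [hit for ev in events for hit in classify_event(ev)]


def summarize(events: list[dict]) -> dict[str, int]:
    """Count hits per ATT&CK technique ID for a quick triage view."""
    counts: dict[str, int] = {}
    for hit in classify_events(events):
        counts[hit.technique] = counts.get(hit.technique, 0) + 1
    return counts


# Constructed sample telemetry (not real log data).
SAMPLE_EVENTS = [
    {"event_id": 4688, "command_line": r'cmd.exe /c dir /s /b C:\Users > C:\Temp\files.txt'},
    {"event_id": 4688, "command_line": r'powershell.exe -nop -c "Get-ChildItem -Recurse C:\Users\Public"'},
    {"event_id": 4688, "command_line": "wevtutil.exe cl Security"},
    {"event_id": 1102, "command_line": ""},
    {"event_id": 4688, "command_line": r"notepad.exe C:\Users\alice\notes.txt"},
]

if __name__ == "__main__":
    for hit in classify_events(SAMPLE_EVENTS):
        print(f"{hit.technique} ({hit.name}): {hit.reason}")
    print(summarize(SAMPLE_EVENTS))
```

The two signals for T1070.001 are deliberately kept separate: event IDs 1102 and 104 are written by the OS and survive even when the attacker's process-creation auditing is off, while the command-line rule catches the clear attempt before the log is gone. Benign administrators also run `dir /s` and `Get-ChildItem -Recurse`, so T1083 hits are triage context rather than alerts on their own.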
Full Research: https://erteam.tistory.com/533681