APT-K-47 group uses new malware tools to launch data theft attacks
This report analyzes a recent data theft campaign conducted by the APT-K-47 group, a threat actor based in South Asia. The group deployed new and previously undisclosed malware tools, including WalkerShell, DemoTrySpy, NixBackdoor and Nimbo-C2, to compromise targets and steal sensitive data. After gaining initial access, the attackers downloaded additional payloads such as ORPCBackdoor to establish persistence. The campaign targeted organizations across multiple industries in countries including Russia, Pakistan, Bangladesh and the United States. The attackers were able to traverse file systems to exfiltrate documents of interest and steal browser passwords. The report examines the new malware tools in detail, including their capabilities and role in the attack chain.
- Russian Federation