Pawn Storm Uses Brute Force and Stealth Against High-Value Targets [Tuesday, February 06, 2024]

Description :
Pawn Storm (also known as APT28 and Forest Blizzard) is an advanced persistent threat (APT) actor whose tactics, techniques, and procedures (TTPs) show incessant and lasting repetition. The group targets organizations dealing with foreign affairs, energy, defense, and transportation, as well as organizations involved with labor, social welfare, finance, parenthood, and even local city councils. Pawn Storm employs a wide range of tools to hide its tracks, including VPN services, Tor, compromised routers, and hacked email accounts. The group has been using brute-force attacks since 2019 to access corporate and government accounts. Pawn Storm also exploits vulnerabilities such as CVE-2023-23397 in Outlook and CVE-2023-38831 in WinRAR to steal Net-NTLMv2 hashes for use in further attacks. Defenders can use the indicators of compromise listed in the report to check whether their organization has been targeted.

Published : 2024-02-06 10:14:38
Created : 2024-02-06 10:14:38
Modified : 2024-02-06 10:42:16

Indicators

IPv4s :
Domains :
Malwares :
  • information stealer
Hashes :
Intrusion set :
  • Pawn Storm
Location :
  • Central African Republic
  • South Africa
  • United States of America
MITRE ATT&CK Techniques :
Other observables :
  • CVE-2023-36025
  • CVE-2023-38831
  • CVE-2023-23397
  • Transportation
  • Energy
  • Finance
  • Defense
  • Government

About the author
Julien B.
