
Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage

Published 05/12/2024 02:56 · Modified 05/12/2024 09:54


Essential information

Tags
2024-12-05 espionage russia secret blizzard storm-0156 tinyturla
Related entities
1 intrusion sets (apt), 18 techniques (mitre), 6 malware, 5 others

Description

The Russian state-sponsored threat actor Secret Blizzard has been observed compromising the infrastructure of Storm-0156, a Pakistan-based group, to conduct its own operations. Since November 2022, Secret Blizzard has used Storm-0156's backdoors to deploy its own malware on compromised devices, particularly targeting government entities in Afghanistan and India. The threat actor has employed various tools, including a TinyTurla variant, TwoDash, Statuezy, and MiniPocket, alongside Storm-0156's CrimsonRAT and Wainscot backdoors. This activity highlights Secret Blizzard's tactic of leveraging other actors' infrastructure to diversify attack vectors and facilitate intelligence collection.

External references