
Hellhounds: Operation Lahat

Published 28/05/2024 11:28 · Modified 28/05/2024 12:01


Essential information

Tags
2024-05-28 apt operation lahat russia
Related entities
73 observables, 1 intrusion set (APT), 15 techniques (MITRE ATT&CK), 2 malware, 1 other

Description

A group called Hellhounds has continued to attack Russian organizations into 2024, using a variety of techniques to compromise their infrastructure. Research shows that development of the group's malware toolkit began in 2019, and that the group maintains a presence inside critical organizations for years. Although the malware is based on open-source projects, it has been modified to bypass defenses; the earliest Windows and Linux samples date from 2019 and 2021 respectively, and both encryption and obfuscation are used. The group gains its foothold through system services, and its main command-and-control (C2) channel is DNS tunneling. There are at least 48 confirmed victims, concentrated in the public sector and among IT contractors. The victims were most likely compromised through supply chain attacks and abuse of trusted relationships.

External references