Category | Details |
---|---|
Threat Actors | Secret Blizzard (also known as Turla, Turla APT, Waterbug, Venomous Bear, Iron Hunter, Krypton) |
Campaign Overview | Secret Blizzard campaigns against Ukrainian military and government organizations in which the group gained a foothold through other threat actors' malware and infrastructure and then deployed its own custom backdoors, Tavdig and KazuarV2 |
Target Regions (Victims) | Ukraine, targeting military, diplomatic, and government sectors |
Methodology | Initial access borrowed from other actors rather than built in-house: the Amadey bot (run by Storm-1919) and a backdoor attributed to Storm-1837; PowerShell droppers carrying RC4-encrypted payloads; DLL side-loading against a legitimate signed binary to load Tavdig; infrastructure of the USB-delivered Andromeda malware reused in an earlier campaign |
Product Targeted | No specific product; Windows endpoints on Ukrainian military and government networks, with particular interest in devices using Starlink IP addresses, which are common among frontline military units |
Malware Reference | KazuarV2 backdoor and Tavdig backdoor (Secret Blizzard's own tooling); Amadey bot (Storm-1919), Storm-1837 backdoor, and Andromeda USB-delivered malware (third-party tooling Secret Blizzard piggybacked on; Storm-1919 and Storm-1837 are actor designations, not malware names) |
Tools Used | Custom reconnaissance tool, access to other actors' C2 panels, PowerShell dropper, RC4-encrypted payloads |
Vulnerabilities Exploited | No specific CVE is cited; access relied on commandeering third-party (Amadey, Storm-1837) infrastructure and C2 panels, and on DLL side-loading of a legitimate binary |
TTPs | Reconnaissance of victim hosts, credential theft, phishing, backdoor deployment, DLL side-loading, staged and selective deployment to stay stealthy, and hiding behind other threat groups' infrastructure to complicate attribution |
Attribution | Secret Blizzard is Microsoft's name for Turla, attributed to FSB Center 16; other aliases include Waterbug, Snake, Venomous Bear, Iron Hunter, and Krypton |
Recommendations | Treat Amadey or Storm-1837 activity on a host as a possible precursor to Secret Blizzard tooling; hunt for encoded PowerShell droppers, DLL side-loading by signed binaries outside system directories, and Tavdig/KazuarV2 artifacts; back this with detection content and threat intelligence (the source points to SOC Prime's platform) |
Source | SOCPrime |
Read full article: https://socprime.com/blog/secret-blizzard-attack-detection/
The above summary has been generated by an AI language model
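Two of the TTPs in the table, DLL side-loading of a signed binary and encoded PowerShell droppers, lend themselves to simple host-based detection logic. The following Python is an added example written for this page; it is not SOC Prime's detection content, nor code from Microsoft's reporting. The events are constructed in Sysmon-style field names (EID 7 ImageLoad, EID 1 ProcessCreate), and the trusted-root list, the hijackable DLL names, and the dropper keyword list are illustrative assumptions rather than published indicators.

```python
"""Heuristic detections for two TTPs in the summary: DLL side-loading of a
legitimate signed binary, and PowerShell droppers carrying an encoded payload.
Added example (not SOC Prime's or Microsoft's code). Events are constructed in
Sysmon-style field names; lists and thresholds below are assumptions."""
import base64
import re
from pathlib import PureWindowsPath

# Roots Windows normally loads signed DLLs from (assumption: treat as trusted).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# System DLL names often shadowed by a planted copy (illustrative list).
HIJACKABLE_DLLS = {"version.dll", "dbghelp.dll", "wtsapi32.dll", "userenv.dll", "cryptbase.dll"}

# Substrings typical of a PowerShell dropper once decoded (illustrative list).
DROPPER_TOKENS = ("frombase64string", "invoke-expression", "iex(", "downloadstring",
                  "-bxor", "reflection.assembly")

# -EncodedCommand and its abbreviations; the argument is base64 of UTF-16LE text.
ENC_RE = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})",
                    re.IGNORECASE)

# Constructed sample script: a base64-wrapped stage decoded in memory, then IEX'd.
SAMPLE_SCRIPT = "$d=[Convert]::FromBase64String('QUJD');IEX([Text.Encoding]::ASCII.GetString($d))"
SAMPLE_ENC = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode()

# Constructed events: Sysmon EID 7 = ImageLoad, EID 1 = ProcessCreate.
EVENTS = [
    {"EventID": 7, "Image": r"C:\Users\Public\Libs\updater.exe",
     "ImageLoaded": r"C:\Users\Public\Libs\version.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"EventID": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": f"powershell.exe -w hidden -nop -enc {SAMPLE_ENC}"},
    {"EventID": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"},
]


def is_trusted(path: str) -> bool:
    """True when the path sits under one of the trusted roots."""
    return path.lower().startswith(TRUSTED_ROOTS)


def detect_sideload(ev: dict):
    """Flag an unsigned DLL loaded from the loading process's own directory when
    that directory is outside the trusted roots: the classic pattern of a
    relocated legitimate EXE with a planted DLL beside it."""
    if ev.get("EventID") != 7:
        return None
    image, dll = PureWindowsPath(ev["Image"]), PureWindowsPath(ev["ImageLoaded"])
    if is_trusted(str(dll)):
        return None
    unsigned = str(ev.get("Signed", "false")).lower() != "true"
    if image.parent == dll.parent and unsigned:
        hint = "; name shadows a Windows DLL" if dll.name.lower() in HIJACKABLE_DLLS else ""
        return {"rule": "dll_sideload", "process": str(image), "dll": str(dll),
                "reason": "unsigned DLL loaded from the process's own non-system directory" + hint}
    return None


def decode_encoded_command(cmdline: str):
    """Return the plaintext of a -EncodedCommand argument, or None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def detect_dropper(ev: dict):
    """Flag PowerShell whose command line, decoded if it was encoded, carries
    dropper idioms; records the decoded script for the analyst."""
    if ev.get("EventID") != 1:
        return None
    if PureWindowsPath(ev["Image"]).name.lower() not in ("powershell.exe", "pwsh.exe"):
        return None
    cmd = ev["CommandLine"]
    decoded = decode_encoded_command(cmd)
    text = (decoded if decoded is not None else cmd).lower()
    hits = [t for t in DROPPER_TOKENS if t in text]
    if not hits:
        return None
    return {"rule": "powershell_dropper", "process": ev["Image"], "tokens": hits,
            "encoded": decoded is not None, "decoded": decoded,
            "hidden_window": bool(re.search(r"-w(?:indowstyle)?\s+hidden", cmd, re.I))}


def run(events):
    """Apply both rules to every event; return alerts in event order."""
    alerts = []
    for ev in events:
        for rule in (detect_sideload, detect_dropper):
            hit = rule(ev)
            if hit:
                alerts.append(hit)
    return alerts


if __name__ == "__main__":
    for alert in run(EVENTS):
        print(alert)
```

Running it against the constructed events yields two alerts: the unsigned `version.dll` loaded from `C:\Users\Public\Libs` beside the process that loaded it, and the hidden-window PowerShell whose decoded command contains `FromBase64String` and `IEX(`. The same DLL name loaded by `svchost.exe` from System32 and the plain `-File` invocation are left alone. In production the directory and keyword lists would be tuned to the environment, and the side-loading rule would be paired with signature and hash checks on the loading EXE, since a relocated legitimate binary is exactly what this technique relies on.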