August 15, 2024 at 03:21AM
A new threat actor, known as Actor240524, has launched cyber attacks targeting Azerbaijan and Israel to steal sensitive data, using spear-phishing emails and malware like ABCloader and ABCsync. The attacks use anti-sandbox and anti-analysis techniques to avoid detection. NSFOCUS suggests the attacks are meant to disrupt the cooperative relationship between the two countries.
Key takeaways on Cyber Espionage / Data Theft:
– A new threat actor, known as Actor240524, has been linked to a series of cyber attacks targeting Azerbaijan and Israel with the objective of stealing sensitive data.
– The attack campaign, detected by NSFOCUS on July 1, 2024, utilized spear-phishing emails to target Azerbaijani and Israeli diplomats.
– Actor240524 can steal secrets and modify file data, and it employs various countermeasures to avoid exposing its attack tactics and techniques.
– The attack chain involves the use of phishing emails containing Microsoft Word documents that prompt recipients to “Enable Content,” subsequently executing a malicious macro responsible for loading a DLL malware called ABCsync.
– ABCsync establishes contact with a remote server to receive and execute commands, employing anti-sandbox and anti-analysis techniques for environmental detection.
– Actor240524 employs various methods to avoid detection, including checking the number of running processes in the compromised system and exiting if the count is less than 200.
– NSFOCUS suggests that the operation was aimed at the cooperative relationship between Azerbaijan and Israel, targeting diplomatic personnel of both countries with phishing attacks.