BRANDEFENSE BRANDEFENSE
  • Platform
    How It Works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    Q1 | 2023
    Explore the Ransomware Attacks
  • Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
  • Resources
    Blog
    Infographics
    Datasheets
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    Cybersecurity Glossary
    Events
  • Partners
    About the Partner Program
    Become a Partner
    Partner Portal
  • Company
    About Us
    Join Us!
    We in the Press
    Privacy Policy
    Terms of Use
    Contact Us
Request a Demo
Login

BRANDEFENSE

  • Platform
    How It Works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    Q1 | 2023
    Explore the Ransomware Attacks
  • Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
  • Resources
    Blog
    Infographics
    Datasheets
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    Cybersecurity Glossary
    Events
  • Partners
    About the Partner Program
    Become a Partner
    Partner Portal
  • Company
    About Us
    Join Us!
    We in the Press
    Privacy Policy
    Terms of Use
    Contact Us
European Focused Threat Actors – APT Groups

European Focused Threat Actors – APT Groups

BRANDEFENSE
APT Groups
29/09/2022

Last updated on December 12th, 2022 at 01:33 pm

Table of Contents

  • Introduction
  • APT Groups
    • APT28 – Fancy Bear
    • APT15
    • APT35
    • APT27
    • APT38 – Lazarus
    • APT29 – Cozy Bear

Introduction

Cyber attacks experienced during the COVID-19 pandemic process have increased not only in vectors and numbers but also in terms of their impact. The pandemic process has expanded the surface of attacks and caused an increase in the number of cyber attacks targeting organizations through homes and offices. Also, cyber threat environments are changing with the fact that attackers are coming up with new technologies and processes constantly.

For example, in 2021, when we inspect the SolarWinds attack, which made an enormous impact, it seems that the malware has adopted a way of distributing embedded in a trusted product. After the SolarWinds attack, it has been determined that 1500 small and medium-sized companies were affected, especially the U.S. and Europe.

It has been observed that the main motivation of individual threat actors who carry out European-focused attacks is to earn financial gain. Cybercriminals have made the banking/financial sector the main target. With the crisis of the COVID-19 Pandemic, targeted ransomware attacks have increased swiftly. Many organizations that could not afford service interruptions had to pay the requested ransom. Although, some ransomware groups have demanded more ransomware, threatening organizations to publish stolen data using Double Extortion methods.

Threat actors that are supported by governments usually organize longer-term operations in the interests of the state they are affiliated with. Financial interests are in the background and trying to obtain strategic intelligence about the targeted country. It all comes to this that it is significant for security teams’ operations in today’s environment, where visibility and agility are crucial more than ever to be able to monitor cyber threat actors and their ongoing activities.

APT Groups

fancy bear apt28 apt group

APT28 – Fancy Bear

Main Targeted Sectors: Energy, Government Agencies, Media

Associated Malware: CHOPSTICK, SOURFACE, WinIDS, X-Agent

APT28, also known as Fancy Bear, is a Russia-based threat that carries out offensive operations targeting especially NATO member states and Eastern European countries. APT28, with its campaigns, uses malware families tailored to victims. APT28 also tries to directly compromise the email accounts of target organizations by using password spraying techniques. With that, it has been observed that it tries to reduce the need to distribute malware to collect user data.

For more information about “APT28 – Fancy Bear” Threat Actors, click here.

apt15 threat actors

APT15

Main Targeted Sectors: Economy and Finance, Energy, Commerce, Military

Associated Malware: Enfal, Baldeagle, Noisemaker, Mirage

APT15 group, thought to be China-Based, targets central organizations including a number of European countries, the USA, and South Africa. APT15 operators are also known to share various resources, including backdoors and technical infrastructure, with other Chinese APTs. APT15 typically uses spear phishing emails to gain initial compromise to global targets in various sectors of interest to the Chinese government.

apt35 threat actors

APT35

Main Targeted Sectors: Energy, Defense Industry, Government, Communication

Associated Malware: Aspxshellsv, Brokeyolk, Pupyrat, Tunna, Mangopunch, Drubot, Houseblend

APT35 (aka Newscaster Team) is an Iranian government-backed cyber espionage group that conducts long-term operations to gather strategic intelligence. APT35 organizes spear-phishing campaigns to gain initial reach in the targeted organization. In addition, It was also observed that the group used compromised accounts with credentials collected from previous operations and password spraying attacks on exposed web applications as additional techniques to gain initial access.

 

apt27 threat actors apt group

APT27

Main Targeted Sectors: Government, Energy, Aviation, Transportation

Associated Malware: Pandora, Sogu, Zxshell, Ghost, Wideberth, Quickpulse, Flowerpot

China-backed APT27 threat group has targeted multiple organizations with headquarters worldwide, including North and South America, Europe, and the Middle East. APT27 generally launches spear phishing to gain initial access. APT27 threat actors are known for using a compromised account in the victim organization to send phishing emails to targeted organizations in similar industries rather than using zero-day vulnerabilities.

 

apt38 threat actors apt group

APT38 – Lazarus

Main Targeted Sectors: Economy and Finance

Associated Malware: APT38, one of the most productive groups, uses malware families to target financial organizations.

APT38 is a threat group supported by the North Korean regime. It was observed that this threat group carried out the largest known cyber heist. Although APT38 is known as “Lazarus” by the security community, APT38’s financial motivation, unique toolkit, tactics, techniques, and procedures (TTPs) suggest that they are a different threat group from Lazarus. in addition, APT38 is also known for aggressively destroying evidence or victim networks in its operations.

For more information about “Lazarus – APT38” threat actors, read our blog post.

apt29 threat actors apt group

APT29 – Cozy Bear

Main Targeted Sectors: Education, Energy, Finance, Government, Technology

Associated Malware: Aspxshellsv, Brokeyolk, Pupyrat, Tunna, Mangopunch, Drubot, Houseblend

APT29, nicknamed Cozy Bear, is a Russian-based threat group considered to act on behalf of the Russian Foreign Intelligence Service. APT29 has conducted spear phishing campaigns to deliver specific types of malware to organizations in various industries, particularly in Europe. The threat group is thought to be responsible for high-profile attacks such as the 2015 Pentagon attack, the FireEye hack, the SolarWinds attack, and the COVID-19 vaccine data theft. They also set a different example with their attempts to regain access to networks they previously lost operational control of.

 

To be continued…

Share on Facebook Share on X
Search
Categories
APT GroupsBlogDark WebDRPSFraudRansomwareSector AnalysisSecurity NewsVIP SecurityWe in the PressWeekly Newsletter
Recent Posts
  • The Impact of Machine Learning on Enhancing Threat Detection
    The Impact of Machine Learning on Enhancing Threat Detection
  • The Future of AI in Cybersecurity: Benefits and Risks
    The Future of AI in Cybersecurity: Benefits and Risks
  • Brandefense Shares Bridge Partner Program and Brandefense 2.0 with Its Business Partners
    Brandefense Shares Bridge Partner Program and Brandefense 2.0 with Its Business Partners
  • What is Supply Chain Security?
    What is Supply Chain Security?
Ransomware Trends Report | Q2 2023
Ransomware Attack Trends in the Second Quarter of 2023
Report

Ransomware Attack Trends in the Second Quarter of 2023

Download Report
Follow us!

Continue Reading

Previous post

Multiple Vulnerabilities Detected in Solarwinds Orion

solarwinds orion critical vulnerabilities
microsoft
Next post

Critical 0-Day Alarm in Microsoft Exchange Server

We know what hackers know about you

Our cyber threat intelligence and security research team is ready to help you.
image link

Brandefense is solving SOC’s complex challenges. We are here to help Brandefense customers to protect their brands and reputations against cyber threats.

United States:

300 Delaware Ave. Ste 210 #328 Wilmington, DE 19801 / USA

Republic of Turkey:

Üniversiteler, 1605 Cd. Cyberpark Vakıf Binası Kat: -1 No: B25, 06800 Çankaya/Ankara

© 2022 Brandefense. All rights reserved.

Solutions
Threat IntelligenceBrand ProtectionVulnerability ManagementFraud ProtectionVIP SecurityAttack Surface ManagementVulnerability Intelligence
Use Case
Data LeakagePhishing MonitoringAccount Takeover DetectionStolen Credit CardsDark Web MonitoringRemediation / Takedown
Partners
About the Partner ProgramBecome a Partner
Company
AboutCareerPrivacy PolicyTerms Of UseContact
Close
Search

Hit enter to search or ESC to close

cookie By using this website, you agree to our cookie policy. Close