Cybersecurity researchers from ESET recently discovered a relatively new hacking group that’s been very successful in targeting organizations worldwide.
The group is called Asylum Ambuscade, and its endgame remains a mystery to the researchers. According to BleepingComputer, it has been active all over the world, but mostly in the West, for the last three years.
It uses a wide variety of tools, including the Sunseed malware, Akhbot, and Nodebot, which allow the team to engage in all kinds of malicious activities, including grabbing screenshots, stealing passwords stored in popular internet browsers, deploying Cobalt Strike loaders, running a keylogger, and more.
Malicious Google Ads
In short, the group’s abilities range from cybercrime to espionage.
Their targets are also quite diverse, and include bank customers, cryptocurrency investors and traders, government agencies and employees, as well as small and medium-sized businesses (SMB).
The attacks usually start with a phishing email, which carries a malicious script. That script downloads the Sunseed malware, after which the group decides which additional payloads to deliver, depending on the target’s endpoints.
In some instances, the researchers found the group created Google Ads which redirected users to sites with malicious JavaScript code.
The group also seems to be quite successful. ESET’s researchers started tracking its activity in January last year, and since then it identified roughly 4,500 victims, which means the group targeted 265 organizations and entities every month.
The biggest mystery remains the group’s motives. With a wide range of tools, capable of engaging in all sorts of cybercrime, as well as a diverse list of victims, the researchers can’t exactly pinpoint what the group is trying to achieve. One theory suggests the group is just selling access and information to other threat actors, hence the diversified approach.
Via: BleepingComputer