"US Organizations Targeted by New Cybercrime Group With Sophisticated Malware"

A new financially motivated threat actor has targeted a number of organizations in the US and other countries using sophisticated malware. FireEye tracks the threat actor as UNC2529, which has used a sizable command-and-control (C&C) infrastructure, custom lures, and three sophisticated malware families. FireEye says the group is experienced and well resourced.

The cybersecurity firm's incident response unit, Mandiant, observed two attack waves in December 2020. The first wave targeted 28 organizations; the second is suspected of having targeted at least 22. Approximately 70 percent of the group's victims were in the US. Organizations that UNC2529 has targeted include those in the health, education, retail, military and aerospace, engineering and manufacturing, government, transportation, utilities, and financial sectors. The group also targeted organizations in the EMEA region, Asia, and Australia.

The attacks involved three new pieces of malware tracked by FireEye as DOUBLEDRAG, DOUBLEDROP, and DOUBLEBACK. They start with a phishing email containing a link to a malicious or compromised website that delivers the malware. FireEye also revealed that the threat actor largely relied on obfuscation and fileless techniques to avoid detection and deliver a well-coded, extensible backdoor. This article continues to discuss the targets, tools, and techniques of the new cybercrime gang UNC2529.

SecurityWeek reports "US Organizations Targeted by New Cybercrime Group With Sophisticated Malware"
