SECURITY ALERT: Gorgon APT Targets Corporate Emails with Spear Phishing Campaign

[harlan4096]

How the Gorgon APT behaved in the past. How the new spear phishing campaign looks like.

The Gorgon APT (Advanced Persistent Threat) is an older but dangerous online threat, first discovered by Unit 42 researchers in February 2018.

The group behind the Gorgon APT was revealed back when the researchers were still investigating Subaat, an attacker, when they realized that they were probably part of a larger group targeting governmental organizations.

The History of Attacks by Gorgon APT

Ever since its initial discovery in February 2018, the Gorgon APT was orchestrating attacks both on government organizations (in the United States, United Kingdom, Russia, Spain, and others) and on corporate targets around the world.

The Gorgon group has often shared infrastructure when performing criminal and nation-state targeted attacks. This made the APT easier to track across these operations.

Within the Gorgon APT infrastructure, the researchers were able to identify several crimeware family samples, including Trojans, RATs like NjRat and info stealers such as LokiBot. These were all hosted on the command and control (C2) domain of the Gorgon group.

Interestingly, the Gorgon APT didn’t just use the traditional C2 strategies we could expect from it. It also used a variety of URL shortening services in order to download its payloads. This made its criminal activity more wide-spread and potentially more complex to track down, identify and eradicate.
...

Continue Reading