Intrusions from Asylum Ambuscade Run with Mixed Objectives
Category: Threat Actor Activity | Industries: Financial Services, Government | Source: ESET
ESET warns of intrusions from the cybercrime group "Asylum Ambuscade", which is running espionage campaigns against government entities located in Central Asia and Europe. In addition, espionage campaigns in 2022 targeted countries neighboring Ukraine. Asylum Ambuscade appears to be expanding its target profile, as intrusions since 2020 have focused on many financial-related organizations in the North American region. ESET researchers assess that the objective of the group is "to steal confidential information and webmail credentials from official government webmail portals."
- Follina/JS Installs MSI for Host Compromise
Anvilogic Use Cases:
- CVE-2022-30190: Microsoft Office Code Execution Vulnerability
- Wscript/Cscript Execution
- MSIExec Install MSI File