
Analysis of an APT27 Attack on Media Organization

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

"In this article, we have described an APT27 attack on a media company. The cybercriminals obtained access to the company's headquarters by compromising an office in a foreign country. They maintained control of the infrastructure for two years. They used both publicly available and custom-developed tools that had been seen previously. The hackers, while not changing their TTPs, chose rather unusual software to monetize their attacks. Perhaps the compromise of this client was an accident and this was merely an attempt to obtain at least some benefit. User data was encrypted, after which a ransom demand was made. A mistake in the ransomware's cryptographic algorithms enabled us to recover the encrypted files. To our knowledge, the attackers did not obtain access to information of any value whatsoever, ultimately leaving them with nothing to show for their efforts."

OPENCTI LABELS:

apt,ransomware,mimikatz,lazarus,winnti,netsupport,virustotal,polar,hyperbro,sysupdate,apt27,servhelper,emissary panda,removal,chinachopper,taskjob,dll library,positive,bronze union,twoface,nbtscan,smbtouch,media

