Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
The Russian state-sponsored threat actor Secret Blizzard has been observed compromising the infrastructure of Storm-0156, a Pakistan-based espionage group, to conduct its own espionage operations. Since November 2022, Secret Blizzard has used Storm-0156's backdoors to deploy its own malware on compromised devices, particularly targeting government entities in Afghanistan and India. The threat actor has employed various tools, including a TinyTurla variant, TwoDash, Statuezy, and MiniPocket, alongside Storm-0156's CrimsonRAT and Wainscot backdoors. This activity highlights Secret Blizzard's tactic of leveraging other actors' infrastructure to diversify attack vectors and facilitate intelligence collection.
OPENCTI LABELS :
espionage,russia,tinyturla,storm-0156,secret blizzard