Snowblind: The Invisible Hand of Secret Blizzard

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

A Russia-based threat actor, Secret Blizzard, has infiltrated 33 command-and-control nodes of a Pakistan-based actor, Storm-0156. Over two years, Secret Blizzard leveraged this access to deploy malware into Afghan government networks and potentially acquired data from Pakistani operators' workstations. They expanded their focus to include two other malware families, Waiscot and CrimsonRAT, used against Indian targets. The campaign demonstrates Secret Blizzard's meticulous approach to expanding operations in the Middle East, exploiting other actors' infrastructure to avoid attribution and gain sensitive information. This strategy allows them to remotely acquire data without exposing their own tools, taking advantage of the foothold created by the original threat actor.

OPENCTI LABELS:

espionage, secret blizzard, crimsonrat, snowblind

