
Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage

Dec. 5, 2024, 9:54 a.m.

Description

The Russian state-sponsored threat actor Secret Blizzard has been observed compromising the infrastructure of Storm-0156, a Pakistan-based espionage group, to conduct its own espionage operations. Since November 2022, Secret Blizzard has used Storm-0156's backdoors to deploy its own malware on already-compromised devices, particularly targeting government entities in Afghanistan and India. The threat actor has employed various tools, including a TinyTurla variant, TwoDash, Statuezy, and MiniPocket, alongside Storm-0156's CrimsonRAT and Wainscot backdoors. This activity highlights Secret Blizzard's tactic of leveraging other actors' infrastructure to diversify its attack vectors and facilitate intelligence collection.

Date

Published: Dec. 5, 2024, 2:56 a.m.

Created: Dec. 5, 2024, 2:56 a.m.

Modified: Dec. 5, 2024, 9:54 a.m.

Attack Patterns

Wainscot

CrimsonRAT

MiniPocket

Statuezy

TwoDash

TinyTurla - S0668

Secret Blizzard

T1505.003

T1574.002

T1059.001

T1547.001

T1056.001

T1113

T1199

T1204.002

T1016

T1082

T1057

T1105

T1083

T1036

T1033

T1190

T1133

T1078

Additional Information

Defense

Government

British Indian Ocean Territory

Afghanistan

India