Snowblind: The Invisible Hand of Secret Blizzard
Dec. 5, 2024, 10:24 a.m.
Tags
External References
Description
A Russian-based threat actor, Secret Blizzard, has infiltrated 33 command-and-control nodes of a Pakistani-based actor, Storm-0156. Over two years, Secret Blizzard leveraged this access to deploy malware into Afghan government networks and potentially acquired data from Pakistani operators' workstations. They expanded their focus to include two other malware families, Waiscot and CrimsonRAT, used against Indian targets. The campaign demonstrates Secret Blizzard's meticulous approach to expanding operations in the Middle East, exploiting other actors' infrastructure to avoid attribution and gain sensitive information. This strategy allows them to remotely acquire data without exposing their own tools, taking advantage of the foothold created by the original threat actor.
Date
Published: Dec. 5, 2024, 2:56 a.m.
Created: Dec. 5, 2024, 2:56 a.m.
Modified: Dec. 5, 2024, 10:24 a.m.
Attack Patterns
ActionRat
Waiscot
CrimsonRAT
Statuezy
TwoDash
AllaKore
Secret Blizzard
T1021.001
T1018
T1571
T1213
T1087
T1555
T1005
T1016
T1518
T1082
T1057
T1083
T1102
T1046
T1027
T1041
T1584
T1190
T1133
T1090
T1078
Additional Information
Defense
Government
British Indian Ocean Territory
Afghanistan
India
Pakistan