216.73.217.24

Snowblind: The Invisible Hand of Secret Blizzard

· Published 05/12/2024 02:56 · Modified 05/12/2024 10:24

Export JSON

Essential information

Published
05/12/2024 02:56
Modified
05/12/2024 10:24
Tags
2024-12-05 crimsonrat espionage secret blizzard snowblind
Related entities
1 intrusion sets (apt), 21 techniques (mitre), 6 malware, 6 others

Description

A Russian-based threat actor, , has infiltrated 33 command-and-control nodes of a Pakistani-based actor, Storm-0156. Over two years, leveraged this access to deploy malware into Afghan government networks and potentially acquired data from Pakistani operators' workstations. They expanded their focus to include two other malware families, Waiscot and , used against Indian targets. The campaign demonstrates 's meticulous approach to expanding operations in the Middle East, exploiting other actors' infrastructure to avoid attribution and gain sensitive information. This strategy allows them to remotely acquire data without exposing their own tools, taking advantage of the foothold created by the original threat actor.

External references