216.73.216.169

Unraveling SloppyLemming’s Operations Across South Asia

· Published 27/09/2024 13:49 · Modified 27/09/2024 14:18

Export JSON

Essential information

Published
27/09/2024 13:49
Modified
27/09/2024 14:18
Tags
2024-09-27 cobalt strike havoc nekrowire
Related entities
1 vulnerabilities (cve), 96 observables, 1 intrusion sets (apt), 19 techniques (mitre), 3 malware, 12 others

Description

An investigation reveals SloppyLemming, an advanced threat actor targeting South and East Asian countries, particularly Pakistan. The group uses multiple cloud services for credential harvesting, malware delivery, and command and control. Their operations focus on government, law enforcement, energy, telecommunications, and technology entities in Pakistan, Bangladesh, Sri Lanka, and China. SloppyLemming employs phishing tactics, exploits vulnerabilities, and utilizes various malware tools. The actor's lack of operational security has provided insights into their tooling and infrastructure. Cloudflare has taken steps to disrupt the actor's operations and collaborated with industry partners to mitigate the threat.

External references