Unraveling SloppyLemming’s Operations Across South Asia
Essential information
- Published
- 27/09/2024 13:49
- Modified
- 27/09/2024 14:18
- Tags
- 2024-09-27 cobalt strike havoc nekrowire
- Related entities
- 1 vulnerabilities (cve), 96 observables, 1 intrusion sets (apt), 19 techniques (mitre), 3 malware, 12 others
Description
An investigation reveals SloppyLemming, an advanced threat actor targeting South and East Asian countries, particularly Pakistan. The group uses multiple cloud services for credential harvesting, malware delivery, and command and control. Their operations focus on government, law enforcement, energy, telecommunications, and technology entities in Pakistan, Bangladesh, Sri Lanka, and China. SloppyLemming employs phishing tactics, exploits vulnerabilities, and utilizes various malware tools. The actor's lack of operational security has provided insights into their tooling and infrastructure. Cloudflare has taken steps to disrupt the actor's operations and collaborated with industry partners to mitigate the threat.