Unraveling SloppyLemming’s Operations Across South Asia
Sept. 27, 2024, 2:18 p.m.
Description
An investigation reveals SloppyLemming, an advanced threat actor targeting South and East Asian countries, particularly Pakistan. The group uses multiple cloud services for credential harvesting, malware delivery, and command and control. Their operations focus on government, law enforcement, energy, telecommunications, and technology entities in Pakistan, Bangladesh, Sri Lanka, and China. SloppyLemming employs phishing tactics, exploits vulnerabilities, and utilizes various malware tools. The actor's lack of operational security has provided insights into their tooling and infrastructure. Cloudflare has taken steps to disrupt the actor's operations and collaborated with industry partners to mitigate the threat.
Tags
Date
- Created: Sept. 27, 2024, 1:49 p.m.
- Published: Sept. 27, 2024, 1:49 p.m.
- Modified: Sept. 27, 2024, 2:18 p.m.
Indicators
- e3bc0246ab95b527aa86e52e62f554ab8db04523f35aee50b508d0fa48ab49f7
- fb4397c837c7e401712764f953723153d5bb462bc944518959288ea47dec6446
- b6ae5b714f18ca40a111498d0991e1e30cd95317b4904d2ef0d49937f0552000
- ac3dff91982709f575cfbc6954b61130b4eeab5d3759772db220f1b76836be4d
- b53c7b13a4af47c3976bfad63fe9c5fd988dc0807dd040e8d63d790b65394afb
- a3c9b56a0ce787d7aa7787d9ff0e806a6fb0b216327591b1e1113391c609fd17
- 82e99ceea9e6d31555b0f2bf637318fd97e5609e3d4d1341aec39db2e26cf211
- 95cf90b2610c6f0ec67c1d669cd252468f6c3b8eaeea588f342d2bd74d90e093
- 3dfb8d198de95090e2ad3ffc9d9846af5c3074563acb0ce5b0ef62b20e4bf432
- 06f82a8d80ec911498e3493ebefa8ad45e102dd887ce2edc11f8f51bafab2e80
- 337ca61e23bcb86f26dc40a36316621b74ec6f29a55820899ed30b03b69a6025
- 8.222.235.145
- 8.219.169.226
- 8.219.114.124
- 47.83.23.246
- 47.76.61.241
- 47.76.181.76
- 47.74.87.155
- 47.74.84.168
- 47.245.56.29
- 47.245.42.208
- 47.245.2.77
- 47.245.114.11
- 47.237.25.198
- 47.237.20.201
- 47.237.20.135
- 47.237.105.113
- 47.236.65.190
- 37.27.41.167
- 208.85.22.252
- 207.148.73.145
- 159.65.6.251
- 159.253.120.25
- 47.254.229.56
- 47.245.126.218
- 45.137.116.8
- 185.249.198.218
- 149.28.153.250
- 142.93.139.164
- 139.59.109.136
- www.crec-bd.site
- www.cloudlflares.com
- www.168-gov.info
- zero-berlin-covenant.apl-org.online
- update.apl-org.online
- static.opensecurity-legacy.com
- sensors.opensecurity-legacy.com
- secure.cloudlflares.com
- secure.cflayerprotection.com
- redzone2.apl-org.online
- sco.zapto.org
- redzone.apl-org.online
- pitb.zapto.org
- owa-spamcheck.apl-org.online
- openkm.paknavy-pk.org
- oil.hascolgov.info
- monitor.opensecurity-legacy.com
- mailpitb-securedocs.zapto.org
- mail.pakistangov.com
- mail.apl-com.icu
- m.opensecurity-legacy.com
- login.apl-org.online
- locall.hascolgov.info
- localhost.apl-com.icu
- locaal.navybd-gov.info
- hurr.zapto.org
- hesco.hascolgov.info
- frontend-m.opensecurity-legacy.com
- fonts.apl-org.online
- docs.apl-com.icu
- dawn.apl-org.online
- data.cloudlflares.com
- confidential.zapto.org
- cloud.cflayerprotection.com
- cloud.adobefileshare.com
- browser.apl-org.online
- blabla.apl-com.icu
- bin.opensecurity-legacy.com
- api.opensecurity-legacy.com
- acrobat.paknavy-pk.org
- accounts.opensecurity-legacy.com
- updpcn.online
- quran-books.store
- paknavy-pk.org
- opensecurity-legacy.com
- mofapak.info
- modp-pk.org
- link.click
- jammycanonicalupdates.cloud
- itsupport-gov.com
- humariweb.info
- email.click
- crec-bd.site
- hit-pk.org
- cloudlflares.com
- cflayerprotection.com
Additional Informations
- Technology
- Energy
- Defense
- Telecommunications
- Government
- Sri Lanka
- Nepal
- Bangladesh
- Australia
- China
- Indonesia
- Pakistan