Iran (APT33): Trend Micro released an article stating that they were able to find and investigate a personal VPN network used by Iran’s most prominent threat group, APT33. APT33 has repeatedly targeted the oil and aviation industries. Most recently, in 2019, the group was seen using spear-phishing campaigns to exploit an Outlook vulnerability. The group also switched targets in 2019, focusing on American universities and colleges, entities close to the U.S. military, and several victims in the Middle East and Asia. The VPN network the group built used several layers of security to keep the group from being tracked down easily. One thing the group may have overlooked is that, because it rented server space for its network rather than using a standard VPN service, researchers only had to track a limited set of IP addresses. Had the group used a standard VPN service, its IP address would have rotated between attacks, making it harder to identify as the attacker. Once researchers were able to track down the IP addresses used in the VPN network, they could link attacks to the group and see whom it was attacking or conducting reconnaissance against.
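The defender-side consequence of the point above is that rented, static infrastructure yields a finite list of addresses that can be matched against one's own logs. The following is an added example, not code from Trend Micro or from the article; the infrastructure list uses RFC 5737 documentation ranges and the log lines are constructed, so nothing here is a real APT33 indicator. It parses web-server log lines, matches each source address against a list of IPs and CIDR blocks, and summarizes which infrastructure entries generated hits, which is the correlation step a defender would run once a published indicator list is available.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed placeholder infrastructure list (RFC 5737 documentation ranges).
# These are NOT the addresses from the Trend Micro research; substitute a
# published indicator list when using this for real.
KNOWN_INFRA = [
    "192.0.2.10",        # single host
    "192.0.2.11",        # single host
    "198.51.100.0/28",   # small rented block, expressed as CIDR
]

# Constructed sample log lines in Apache/nginx combined-log style.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Nov/2019:08:01:12 +0000] "GET /owa/ HTTP/1.1" 200 512
10.0.0.5 - - [10/Nov/2019:08:02:30 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.7 - - [10/Nov/2019:08:03:41 +0000] "GET /robots.txt HTTP/1.1" 200 68
203.0.113.99 - - [10/Nov/2019:08:04:00 +0000] "POST /login HTTP/1.1" 302 0
192.0.2.11 - - [11/Nov/2019:09:15:02 +0000] "GET /owa/auth.owa HTTP/1.1" 401 0
"""

# Source IP, bracketed timestamp, and quoted request line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')


def build_networks(entries):
    """Normalize plain IPs and CIDR strings into ip_network objects.

    A bare address becomes a /32 (or /128) network, so single hosts and
    blocks can be checked with the same membership test.
    """
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def parse_line(line):
    """Return {'ip', 'timestamp', 'request'} for a log line, or None if it
    does not match the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m.group(1), "timestamp": m.group(2), "request": m.group(3)}


def match_infra(log_text, networks):
    """Return the parsed records whose source address falls inside any of
    the known infrastructure networks, annotated with the matching entry."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than crash the sweep
        try:
            addr = ipaddress.ip_address(rec["ip"])
        except ValueError:
            continue  # not an IP literal (e.g. a hostname); ignore
        for net in networks:
            if addr in net:
                rec["matched"] = str(net)
                hits.append(rec)
                break
    return hits


def summarize(hits):
    """Count hits per matched infrastructure entry."""
    counts = defaultdict(int)
    for h in hits:
        counts[h["matched"]] += 1
    return dict(counts)


if __name__ == "__main__":
    nets = build_networks(KNOWN_INFRA)
    hits = match_infra(SAMPLE_LOG, nets)
    for h in hits:
        print(f"{h['timestamp']}  {h['ip']:<15} -> {h['matched']:<18} {h['request']}")
    print(summarize(hits))
```

The block deliberately keeps the matching logic separate from the log format: swapping `LOG_RE` and `parse_line` for a firewall or VPN-gateway format leaves `match_infra` and `summarize` unchanged, and the per-entry summary is what makes a hit attributable to a specific piece of rented infrastructure rather than to a rotating pool.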
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense

Russia’s invasion of Ukraine increased