Researchers at SentinelLabs identified a new threat group while researching an attack on a high-value target that had been infiltrated by more than ten threat actors. The group has not yet been attributed to any nation-state, but it is believed to be working on behalf of one as a contractor. Signs from the intrusion indicate the group has been active for over two years without being identified. The group attacks with variants of two Windows malware platforms deployed directly into memory, with indications of an additional Linux implant, and is capable of rapid adaptation. It was also able to adapt quickly once its infiltrated target had adopted a security solution.
By Anthony Zampino

Introduction

Leading up to the most recent Russian invasion of Ukraine in