North Korean attackers steal credentials from more than 1,500 developers' systems

The attackers make up the specified infrastructure

Based on data SecurityScorecard collected by analyzing the attackers' control infrastructure, the campaign had three waves. In November, the attackers targeted 181 developers, primarily in the European technology sector. In December, the campaign expanded globally, targeting hundreds of developers, with some hot spots such as India (284 victims). In January, a new wave added some 233 victims, including 110 systems in the Indian technology sector alone.

“The attackers exfiltrated sensitive information, including development credentials, authentication tokens, passwords stored by the browser, and system details,” said the investigators. “Once collected by the C2 server, the data was transferred to Dropbox, where it was organized and stored.”

Despite the use of several layers of VPNs for obfuscation, the connections were traced back to several IP addresses in North Korea. The traffic passed through Astrill VPN endpoints, then over Oculus Proxy network IPs in Russia, and eventually reached C&C servers hosted by Stark Industries.

