Security researchers from Trend Micro have spotted a dozen obfuscated botnets used in a highly targeted malware campaign.
APT33 hackers have been known for aggressive targeting of oil and aviation industries over the years. In most cases, the attackers use spear phishing emails to gain entry into a target’s network and infect computers in order to maintain persistence with their victim’s networks.
However, the attackers have now shifted to more targeted attacks around the globe.
An excerpt from the Trend Micro blog post:
“Our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting. The group puts up multiple layers of obfuscation to run these C&C servers in extremely targeted malware campaigns against organizations in the Middle East, the U.S., and Asia.”
The APT33 attackers like to use its private VPN networks to access websites of penetration test firms and websites related to cryptocurrencies, vulnerabilities and hacking.
In addition, the actors have continued to target in organizations or websites involved with job recruiting in the oil and gas industry.