‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns

ESET has linked several cybercrime and espionage campaigns to a threat actor tracked as Asylum Ambuscade.

A threat actor tracked as ‘Asylum Ambuscade’ has been engaging in both cybercrime and espionage campaigns for roughly three years, cybersecurity firm ESET reports.

Also tracked as TA445, the group was initially detailed in March 2022, after it was observed targeting European government personnel involved in helping Ukrainian refugees.

Asylum Ambuscade has been active since at least 2020 and previously compromised “government officials and employees of state-owned companies in Central Asia countries and Armenia”, ESET says.

While the espionage activity draws the most attention, Asylum Ambuscade has mainly engaged in cybercrime campaigns over the past three years, with more than 4,500 victims identified worldwide, including cryptocurrency traders, small and medium businesses (SMBs), and individuals.

The majority of the threat actor’s victims are in North America, but ESET also identified compromised entities in Asia, Africa, Europe, and South America.

Asylum Ambuscade’s cybercrime and espionage campaigns employ similar compromise chains, which either start with ads leading to a malicious JavaScript file and multiple redirections, or with a spear-phishing email with a malicious attachment leading to a malware downloader.

To evade detection, the threat actor has been using different variants of the SunSeed downloader, written in Lua, Tcl, and Visual Basic, and of the second-stage downloader Ahkbot, written in AutoHotkey, or its Node.js counterpart, named Nodebot.

Neither SunSeed nor Ahkbot is available on underground forums, which is why ESET believes that the identified cybercrime and espionage campaigns are operated by the same threat actor, Asylum Ambuscade.

Furthermore, the cybersecurity firm believes Asylum Ambuscade is responsible for a 2020 campaign targeting US and Canadian bank users and for the recently detailed Screentime campaign, in which a screenlogger was used to collect information on high-value targets.

“Asylum Ambuscade is a cybercrime group mostly targeting SMBs and individuals in North America and Europe. However, it appears to be branching out, running some recent cyberespionage campaigns on the side, against governments in Central Asia and Europe from time to time,” ESET concludes.

Related: Threat Actor Abuses SuperMailer for Large-scale Phishing Campaign

Related: Microsoft Will Name Threat Actors After Weather Events

Related: Cybercrime Losses Exceeded $10 Billion in 2022: FBI

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
