ESET's security researchers have recently profiled a relatively new threat group that has had considerable success targeting organisations around the world.
The group goes by the name Asylum Ambuscade, and the researchers are still unsure of its ultimate goal. According to BleepingComputer, it has been active worldwide for roughly the past three years, primarily against targets in the West.
It uses a range of tooling, including the SunSeed malware (a downloader that stages later payloads) and the AHKBOT and NODEBOT implants, which let the group take screenshots, steal passwords saved in popular web browsers, deploy Cobalt Strike loaders, run a keylogger, and more.
In short, the group's skills encompass everything from espionage to cybercrime.
They have a wide range of targets, including small and medium-sized businesses (SMB), government officials and organisations, bank customers, cryptocurrency speculators, and traders.
Modus operandi
An attack typically begins with a phishing email carrying a malicious script. Once SunSeed has been downloaded, the group selects which additional payloads to deliver based on the compromised endpoint.
The researchers also found that, in some cases, the group bought Google Ads that redirected victims to websites hosting malicious JavaScript, so the initial access vector is not limited to email.
The group also appears to be highly effective. ESET began tracking its activity in January of last year and has since identified almost 4,500 victims, which works out to roughly 265 victims per month.
The group's motives remain the biggest open question. Because it operates a broad toolset capable of any kind of cybercrime against a diverse set of victims, the researchers cannot pin down precisely what it is after. One explanation is that the group simply sells stolen information and access to other threat actors, which would account for its scattershot targeting.