Iran-based APT Group Builds Own VPN Network

Iran-based threat group APT33 (aka Elfin and Refined Kitten) has been conducting cyber espionage activities from its own private network of VPN nodes. In recent campaigns, the group has targeted a private US company that offers services related to national security, victims connected to a university and a college in the US, a victim most likely related to the US military, and several victims in the Middle East and Asia. Besides using the private VPN network to hide its real IPs and location, the infrastructure also contained backend servers for controlling bots that delivered malware. APT33 has been using the VPN network for reconnaissance of networks that are relevant to the research and supply chain of the oil industry.
References:
More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
