Iran-based APT Group Builds Own VPN Network
Iran-based threat group APT33 (aka Elfin and Refined Kitten) has been conducting cyber espionage activities from its own private network of VPN nodes. In recent campaigns, the group has targeted a private US company that offers services related to national security, victims connected to a university and a college in the US, a victim most likely related to the US military, and several victims in the Middle East and Asia. Besides hiding the group's real IPs and location behind the private VPN network, the infrastructure also contained backend servers for controlling bots that delivered malware. APT33 has been using the VPN network for reconnaissance of networks that are relevant to the research and supply chain of the oil industry.
References: More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting