Dissecting Modus Operandi And Activities Of Infamous Iranian Hacker Group APT33


The Holmium threat actor group has been active since at least 2013.
They target firms specifically located in the US, Saudi Arabia, and South Korea.

In a recent report, Microsoft revealed that APT33, also tracked as Holmium (Microsoft's name for the group) and Magnallium (Dragos's), stole data from about 200 companies over the past two years. The Iranian state-linked group broke into the systems of businesses and governments and caused hundreds of millions of dollars in damage.


Primary targets: Holmium has targeted organizations across many sectors, with a concentration on firms located in the US, Saudi Arabia, and South Korea. More recently the group has shifted its focus to aviation firms operating in both military and commercial capacities, and to organizations tied to petrochemical production.


Modus operandi: APT33 relies primarily on spear-phishing emails for the majority of its attacks. The emails carry URLs pointing to specific file types, notably .hta (HTML Application) files. When the recipient opens the link, the .hta is executed by the Windows HTA host (mshta.exe) and its embedded script downloads the malware, starting the infection chain.
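Two places where that chain leaves a trace are the web/proxy log (a URL whose path ends in .hta) and the endpoint process log (mshta.exe spawned by a mail client or browser, or launched with a remote URL on its command line). The script below is an added example, not code from the original article or from Microsoft's report; both log formats and every hostname, IP and path in the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample proxy log (not from the article):
# "<timestamp> <client_ip> <method> <url> <status>"
SAMPLE_PROXY_LOG = """\
2017-05-02T09:13:44Z 10.1.2.15 GET http://intranet.example.test/policies/handbook.pdf 200
2017-05-02T09:15:01Z 10.1.2.15 GET http://jobs-update.example.test/careers/offer.hta 200
2017-05-02T09:15:02Z 10.1.2.15 GET http://cdn.example.test/lib/jquery.min.js 200
2017-05-02T09:16:30Z 10.1.2.42 GET http://portal.example.test/login?next=/home 302
2017-05-02T09:17:10Z 10.1.2.42 GET http://files.example.test/resume.HTA?id=77 200
"""

# Constructed sample process-creation events (Sysmon Event ID 1 style,
# flattened to one "key=value|key=value" line per event; hypothetical format).
SAMPLE_PROCESS_LOG = r"""
ParentImage=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE|Image=C:\Windows\System32\mshta.exe|CommandLine=mshta.exe http://jobs-update.example.test/careers/offer.hta
ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\notepad.exe|CommandLine=notepad.exe notes.txt
ParentImage=C:\Program Files\Internet Explorer\iexplore.exe|Image=C:\Windows\System32\mshta.exe|CommandLine="C:\Windows\System32\mshta.exe" "C:\Users\bob\Downloads\resume.hta"
ParentImage=C:\Windows\System32\svchost.exe|Image=C:\Windows\System32\mshta.exe|CommandLine=mshta.exe C:\Windows\Temp\installer.hta
"""

# Parents that indicate a user opened something from mail or the web.
USER_FACING_PARENTS = {
    "outlook.exe", "iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe",
    "winword.exe", "excel.exe",
}
REMOTE_URL = re.compile(r"https?://", re.IGNORECASE)


def basename(path):
    """Last component of a Windows path, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def find_hta_downloads(log_text):
    """Return every URL in the proxy log whose path component ends in .hta.

    The check is on the parsed path so a query string or an upper-case
    extension (resume.HTA?id=77) does not hide the download.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        url = fields[3]
        if urlparse(url).path.lower().endswith(".hta"):
            hits.append(url)
    return hits


def find_suspicious_mshta(log_text):
    """Flag mshta.exe launches that fit the spear-phishing pattern.

    A launch is suspicious when the parent is a mail client, browser or
    Office app, or when mshta is handed a remote URL on its command line.
    Returns one dict per hit with the parent name and the reasons matched.
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = dict(kv.split("=", 1) for kv in line.split("|"))
        if basename(event.get("Image", "")) != "mshta.exe":
            continue
        parent = basename(event.get("ParentImage", ""))
        cmd = event.get("CommandLine", "")
        reasons = []
        if parent in USER_FACING_PARENTS:
            reasons.append("launched by user-facing app")
        if REMOTE_URL.search(cmd):
            reasons.append("remote URL on command line")
        if reasons:
            hits.append({"parent": parent, "command": cmd, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for url in find_hta_downloads(SAMPLE_PROXY_LOG):
        print("HTA download:", url)
    for hit in find_suspicious_mshta(SAMPLE_PROCESS_LOG):
        print("mshta from", hit["parent"], "->", ", ".join(hit["reasons"]))
```

The fourth process event (mshta.exe under svchost.exe running a local file) is deliberately left unflagged: it is how some legitimate installers run, so it belongs in a lower-priority rule rather than in this one. Treat the parent list as a starting point to tune against your own baseline.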


The group also uses a range of malware across its campaigns, including SHAPESHIFT, DROPSHOT, TURNEDUP, NANOCORE, NETWIRE, and the ALFA Shell web shell, and leverages publicly available tools popular among Iranian hackers as well as its own DNS infrastructure.


Examples:


‣ From mid-2016 to early 2017, the Magnallium threat actor group compromised a US firm in the aerospace sector and targeted a business group located in Saudi Arabia.
‣ At the same time, it also targeted a South Korean company doing business in oil refining and petrochemicals.
‣ In May 2017, it target ..
