NS BRAVO is suspected to be one of the Chinese cyber intelligence units tasked with stealing data of strategic importance from nations worldwide.
It is possible to detect NS BRAVO using a combination of real-time endpoint detection software and retro-hunting.
APT TANGO uses common penetration testing and spear-phishing tools and techniques to obtain unauthorised access to the networks of its targets. Upon successful infiltration, the group deploys several custom Windows and Linux attack toolkits. Capabilities identified by Mossé Security and attributed to this group include:
The origin and motivations of this threat actor are unknown. We have confirmed that APT TANGO steals intellectual property and business documents as well as emails.
Known industries targeted by APT TANGO include: education, finance, technology and transport.
It is possible to detect this adversary using a combination of real-time endpoint detection software, memory forensics and retro-hunting.
CRIME OSCAR is a financially motivated threat actor that targets the finance departments of organisations in the construction, mining, and utility industries. Mossé Security has responded to breaches where this actor attempted to defraud companies of amounts ranging between $50,000 and $2M.
This actor uses phishing to steal the network credentials of employees, accesses their emails via OWA, Google Suite or Office 365, and then identifies upcoming payments that the organisation will process in the next 30-60 days.
Once one or several internal invoices have been identified, CRIME OSCAR edits the PDF files to change the bank account details where payments must be made and uses social engineering to deceive the finance department into processing the new invoices that have been tampered with.
Anti-virus software, endpoint detection and response software, and firewall devices are ineffective at defending against CRIME OSCAR.
Organisations particularly vulnerable to CRIME OSCAR all had the following in common:
It is possible to detect accounts compromised by CRIME OSCAR by looking for signs of proxy hopping in the access and audit logs of externally-facing email systems.
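One way to implement the proxy-hopping check described above, as an added example that is not Mossé Security's own tooling: it flags a mailbox whose logins inside a short window arrive from more distinct source IPs or countries than a single legitimate client would produce. The log format (timestamp, user, source IP, country), the field order, the thresholds and the sample lines are all assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines for an externally facing mail system:
# <ISO-8601 timestamp> <user> <source IP> <country code>. Addresses are from
# the RFC 5737 documentation ranges; no real tenant or user is represented.
SAMPLE_LOG = """\
2024-03-04T08:02:11Z alice@example.com 203.0.113.10 AU
2024-03-04T08:15:40Z alice@example.com 203.0.113.10 AU
2024-03-04T09:01:05Z bob@example.com 198.51.100.7 AU
2024-03-04T09:04:22Z bob@example.com 192.0.2.55 NG
2024-03-04T09:09:48Z bob@example.com 198.51.100.201 DE
2024-03-04T09:12:03Z bob@example.com 192.0.2.77 RU
2024-03-04T17:30:00Z alice@example.com 203.0.113.11 AU
"""


def parse_log(text):
    """Parse the assumed log format into (timestamp, user, ip, country) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, country = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, country))
    return events


def find_proxy_hopping(events, window=timedelta(minutes=30), max_ips=2, max_countries=1):
    """Return {user: (window_start, sorted_ips, sorted_countries)} for each user whose
    logins within `window` span more than max_ips source IPs or max_countries countries.
    The thresholds are assumptions; tune them against your own baseline of normal use."""
    by_user = defaultdict(list)
    for ev in sorted(events):          # chronological order, then by user
        by_user[ev[1]].append(ev)
    findings = {}
    for user, evs in by_user.items():
        for i, (start, _, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            ips = {e[2] for e in in_window}
            countries = {e[3] for e in in_window}
            if len(ips) > max_ips or len(countries) > max_countries:
                findings[user] = (start, sorted(ips), sorted(countries))
                break                    # one hit per account is enough to trigger review
    return findings


if __name__ == "__main__":
    for user, (start, ips, countries) in find_proxy_hopping(parse_log(SAMPLE_LOG)).items():
        print(f"{user}: from {start:%Y-%m-%d %H:%M} ips={ips} countries={countries}")
```

On the constructed sample only bob@example.com is flagged; alice@example.com's two source addresses fall outside a single 30-minute window and share one country.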
CRIME CHARLIE is a financially motivated adversary that uses phishing to steal credentials and resell the information on the Dark Market. This attacker uses automated tools and does not care about being detected.
The greatest concerns that Australian organisations should have about this threat actor are:
It is possible to deter CRIME CHARLIE by enabling two-factor authentication enterprise-wide.
Business executives of small and medium-sized firms all over Australia are being targeted by sophisticated social engineers that attempt to defraud them with fake invoices.
Mossé Security responded to multiple breaches where FRAUDSTERS-1 had defrauded companies in the range of $25,000 to $135,000 AUD.
FRAUDSTERS-1 compromises the email servers of business advisory companies located outside of Australia and uses their domain names to send emails to Chief Financial Officers (CFOs) pretending to be the Chief Executive Officer (CEO).
The English language and grammar in their emails are flawless, and they employ numerous social engineering techniques such as calibrated questions, “no” questions, labels, and pretexting. A successful attack deceives the CFO into wiring funds to money mules located in South East Asian countries such as Malaysia, Hong Kong and Vietnam.