Linkedin desktop app
While CrowdStrike believes this attack was carried out by a North Korean state-backed hacking group known as Labyrinth Chollima, Sophos researchers say they "cannot verify this attribution with high confidence." "When it comes to adversary naming conventions, CrowdStrike has an in-depth analytic process," the company told BleepingComputer via email. Labyrinth Chollima activity is known to overlap with that of other threat actors such as Kaspersky's Lazarus Group, Dragos' Covellite, Mandiant's UNC4034, Microsoft's Zinc, and Secureworks' Nickel Academy. "The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a few cases, hands-on-keyboard activity," CrowdStrike's threat intelligence team explained. "The spawning of an interactive command shell has been observed to be the most common post-exploitation activity observed to date," Sophos added in an advisory distributed through its Managed Detection and Response service.