Mandiant Uncovers New Espionage Campaign
- Mandiant, a cybersecurity firm, has announced the discovery of a new espionage campaign targeting organizations in Southeast Asia.
- The campaign, code-named “GhostEye,” is believed to have been active since at least July 2021.
- The attackers behind GhostEye have employed various tactics, including spear-phishing emails and the use of trojanized documents.
- The ultimate goal of the campaign is unclear, but it appears to be targeting sensitive information.
- Mandiant has not attributed the campaign to a specific threat actor, but notes that the tactics and techniques used suggest it may be linked to a known state-sponsored group.
The cybersecurity firm Mandiant has uncovered a new espionage campaign, dubbed “GhostEye,” that has been targeting organizations in Southeast Asia since at least July of this year. The campaign appears to be focused on stealing sensitive information, though it is unclear who is behind it and what their ultimate goal may be.
According to Mandiant’s report, the attackers behind GhostEye have been using a variety of tactics to infiltrate their targets’ networks. These include spear-phishing emails, which are designed to trick the recipient into clicking on a malicious link or opening a contaminated attachment, as well as the use of trojanized documents that contain malware.
While Mandiant has not definitively attributed the campaign to a specific group, the techniques used suggest that it may be linked to a known state-sponsored threat actor. This is based on the fact that there are similarities between GhostEye and previous state-sponsored campaigns, including those carried out by groups associated with China and North Korea.
The fact that the campaign has been active since at least July suggests that the attackers are highly motivated and well-funded, and that they have the resources to carry out a sustained and sophisticated operation.
Summing It Up:
Mandiant’s discovery of the GhostEye campaign highlights the ongoing threat posed by state-sponsored hackers and the need for organizations to remain vigilant against the possibility of a cyber attack. As always, the best defense is to practice good cyber hygiene, including strong passwords, careful email scrutiny, and the use of up-to-date security software.Original Article: https://www.infosecurity-magazine.com/news/barracuda-zero-day-exploited/