A custom CovalentStealer malware, the Impacket framework, the HyperBro remote access trojan (RAT), and over a dozen China Chopper webshell samples were used by attackers to steal sensitive data from a U.S. organization in the Defense Industrial Base (DIB) sector.
While the initial access vector is unknown, the threat actor used compromised administrator credentials belonging to a former employee for mailbox searches and further network connections. The attackers conducted reconnaissance using a command shell to learn about the victim’s environment, then manually archived sensitive data in preparation for exfiltration. This included contract-related information stored on shared drives.
Entities in the Defense Industrial Base Sector provide products and services that enable support and deployment of military operations. It is unknown who is behind the attack, which lasted for about ten months, but the U.S. government and CISA reported that multiple APT groups were involved.
The AI-powered and behavioral detection engines in Acronis Cyber Protect Cloud identify and block malware on your computers, keeping data and hardware safe even from never-before-seen cyberthreats.