Overview
Explore a conference presentation that investigates the unique threat group Asylum Ambuscade, which emerged targeting European government personnel following Russia's invasion of Ukraine. Learn how this distinct group operates simultaneously in both espionage and crimeware activities, targeting European diplomats for war-related intelligence while also compromising bank customers and cryptocurrency traders globally. Discover their unusual approach of targeting both Ukrainian allies and Russian officials, their use of Russian-speaking operatives, and their distinctive deployment of crimeware-style tools for high-value espionage targets - a stark contrast to traditional regional threat actors. Examine the complete compromise chain linking to their 2020 crimeware activities, understand their victimology and TTPs, and delve into the unusual phenomenon of a crimeware group engaging in state-level espionage operations.
Syllabus
NSEC 2023 - Asylum Ambuscade: Crimeware or cyberespionage?
Taught by
NorthSec