Hacking Activity of SectorD Group in 2019

A total of 15 subgroups of SectorD have been found to date. They perform hacking activities for the purpose of gathering high-quality information such as politics and diplomacy about individuals or countries that oppose the SectorD government. This article presents a summary of monthly activities of the SectorD Group which were discovered in 2019.

Monthly Threat Actor Group Intelligence Report, October 2019

This is a summary of activity of suspected state sponsored Threat Actor Groups analyzed by the ThreatRecon Team, based on data and information collected from September 21 to October 20, 2019.

Threat Actor Targeting Hong Kong Pro-Democracy Figures

At the end of October, a person deeply involved in the pro-democracy side of the Hong Kong protests received a spear phishing email from someone claiming to be a law student at a top foreign university, requesting for feedback on his supposed thesis which includes recommendations on how to end the Hong Kong unrest. The email contained a link to a Google drive ZIP file.

Monthly Threat Actor Group Intelligence Report, September 2019

This is a summary of activity of suspected state sponsored Threat Actor Groups analyzed by the ThreatRecon Team, based on data and information collected from August 21 to September 20, 2019.

SectorD01: When anime goes cyber

Multiple organizations in Kuwait have been targeted since 2018 by a threat actor we track as SectorD01, whose primary targets appear to be located in the Middle East but also observed by us to target North America, Europe, South Asia and East Asia in other campaigns. In this analysis we will briefly go through some of the tools used by this threat actor in the campaign which are named Sakabota, Diezen, Gon, Hisoka, Netero, and EYE, and explain how these tools are linked to each other and to other activity in the region.

Monthly Threat Actor Group Intelligence Report, August 2019

This is a summary of activity of suspected state sponsored Threat Actor Groups analyzed by the ThreatRecon Team, based on data and information collected from July 21 to August 20, 2019.

Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore

“Hagga” is the username of a Pastebin account used since December last year by a pervasive known group of threat actors which targets thousands of users around the world both for cyber espionage and cyber crime purposes using malspam. Their activities were first discovered in 2017, and the ThreatRecon Team tracks both this group and the members behind “Hagga” collectively as the SectorH01 group.

SectorJ04 Group’s Increased Activity in 2019

SectorJ04 is a Russian-based cybercrime group that began operating about five years ago and conducted hacking activities for financial profit using malware such as banking trojans and ransomware against national and industrial sectors located across Europe, North America and West Africa.

Monthly Threat Actor Group Intelligence Report, June 2019

This is a summary of activity of suspected state sponsored Threat Actor Groups analyzed by the ThreatRecon Team, based on data and information collected from May 21 to June 20, 2019.

SectorE02 Updates YTY Framework in New Targeted Campaign Against Pakistan Government

From March to July this year, the ThreatRecon team noticed a spear phishing campaign by the SectorE02 group going on against the Government of Pakistan and organizations there related to defense and intelligence. Spear phishing emails are sent to their victims via Excel XLS files, which asks their victims to enable macros which will end up executing the downloader.