Between late 2022 to present, SloppyLemming has routinely used Cloudflare Workers, likely as part of a broad espionage campaign targeting South and East Asian countries.
The actor uses a custom-built tool named CloudPhish to create a malicious Cloudflare Worker to handle the credential logging logic and exfiltration of victim credentials.
Targets of the SloppyLemming's activity span government, law enforcement, energy, education, telecommunications, and technology entities located in Pakistan, Sri Lanka, Bangladesh, China, Nepal, and Indonesia.
Some of the attacks undertaken by SloppyLemming have leveraged similar techniques to capture Google OAuth tokens, as well as employ booby-trapped RAR archives.
[
Collection
]
[
|
...
]