Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service
Briefly

The Microsoft threat intelligence team recently reported that the Russian actor known as Secret Blizzard is using malware linked to other threat actors to deploy the Kazuar backdoor on Ukrainian military systems. This marks the second instance of Secret Blizzard repurposing cybercrime efforts since 2022, illustrating its strategy of leveraging diverse attack vectors.
In its analysis, Microsoft highlighted that Secret Blizzard's tactic of commandeering other threat actors' tools and infrastructure underscores a sophisticated approach to cyber operations. The group's use of the Amadey bot malware facilitates targeted attacks on 'specifically selected' systems linked to Ukraine’s military, demonstrating its operational adaptability.
Past operations of Secret Blizzard indicate a strategic preference for targeting government entities worldwide, specifically focusing on foreign affairs ministries, embassies, and defense sectors. The recent findings align with their established pattern of seeking long-term covert access for intelligence gathering.
Notably, the report places this activity in a broader context of cybercrime operations, detailing Secret Blizzard's audacious hijacking of command-and-control servers from other hacking groups such as Storm-0156. It shows a collaborative yet predatory landscape in which adversaries exploit each other’s infrastructure to bolster their capabilities.
Read at The Hacker News