Credential harvesters in the cloud. [Research Saturday]
Nov 16, 2024
Blake Darché, Head of Cloudforce One at Cloudflare, dives into the murky world of the threat actor known as SloppyLemming. He reveals their extensive espionage campaigns targeting critical sectors in South Asia, employing tactics like credential harvesting and malware delivery. Despite their advanced methods, SloppyLemming's poor operational security has provided investigators with crucial insights. Darché emphasizes the importance of collaboration and robust defenses in mitigating these evolving cyber threats.
SloppyLemming's Focus
- SloppyLemming is an Asia-based threat actor targeting South and East Asian countries.
- Their espionage campaign focuses on government and military organizations, with an emphasis on Pakistan.
Cloud Service Abuse
- SloppyLemming spreads its infrastructure across multiple cloud service providers to make its operations harder to track.
- This tactic hinders incident response, because each provider sees only a small part of the overall operation.
Mitigation Strategies
- Patch systems promptly, especially against known exploited vulnerabilities such as the WinRAR CVE (2023-38).
- Implement robust email security to defend against phishing, the starting point for many intrusions.