APT44
APT44 is a known hacking group that needs to be researched and this article updated.
Alternate names
Leek Spider
APT44 is an advanced persistent threat (APT) group that has been active since at least 2013 and continues to be a significant cybersecurity concern for organizations worldwide. The group, also known as "OceanLotus," is believed to have ties with the Vietnamese government and military intelligence agency. APT44 targets a wide range of industries including finance, energy, defense, and telecommunications through various tactics such as spear-phishing emails, watering hole attacks, and exploiting vulnerabilities in software. The group has been linked to several high-profile cyberattacks on organizations in the United States, Europe, Africa, Asia, Australia, and Latin America. APT44 is considered a sophisticated threat actor that employs advanced techniques such as stealth malware, rootkit evasion, and anti-forensic measures to evade detection by security solutions.
Techniques, tactics and practices
APT44 employs a variety of advanced techniques to evade detection by security solutions. These include stealth malware that hides from antivirus software, rootkit evasion tactics such as hiding the malware inside legitimate system files or processes, and anti-forensic measures designed to erase evidence of the group's presence on a compromised system. The group also relies on spear-phishing emails that target specific individuals within an organization with personalized messages carrying malicious links or malware-laden attachments. APT44 has been known to exploit software vulnerabilities, including zero-day exploits and attacks against outdated versions of popular applications such as Microsoft Office. Additionally, the group conducts watering hole attacks: it compromises legitimate websites frequently visited by its target organizations or individuals, so that those targets are infected with malware when they visit the sites. Overall, APT44 is a highly
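Two of the behaviours described above, malware hiding under the name of a legitimate system process and anti-forensic clearing of event logs, leave telemetry that a defender can check for. The following is an added illustration written for this article, not code from the page or from any vendor reporting on APT44: a small detector that runs two generic rules over a handful of constructed, simplified Windows event records. The list of system binaries and their expected directories, the field names of the event records, and the sample events are all assumptions made for the example; the event IDs 1102 (Security log cleared) and 104 (System log cleared) are the standard Windows values.

```python
"""Toy detector for two generic host-level indicators mentioned in the text:
(1) a process masquerading as a well-known Windows system binary by using its
name from an unexpected directory, and (2) an event log being cleared.

All input records are constructed for this example; the field names
(host, image, channel, event_id, user) are an assumed, simplified schema.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: well-known system binaries and the directory each normally runs
# from. The same file name executing from elsewhere is a masquerading signal.
EXPECTED_IMAGE_DIRS: Dict[str, str] = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Standard Windows events written when a log is cleared:
# Security channel event 1102, System channel event 104.
LOG_CLEARED_EVENTS = {("security", 1102), ("system", 104)}


@dataclass
class Alert:
    rule: str
    host: str
    detail: str


def _normalize(path: str) -> str:
    """Lower-case and use backslashes so comparisons are case-insensitive."""
    return path.replace("/", "\\").lower()


def check_masquerade(event: Dict) -> Optional[Alert]:
    """Flag a process whose image name is a known system binary but whose
    directory differs from the expected one."""
    image = event.get("image")
    if not image:
        return None
    path = _normalize(image)
    directory, _, name = path.rpartition("\\")
    expected = EXPECTED_IMAGE_DIRS.get(name)
    if expected is None or directory == expected:
        return None
    return Alert(
        "masquerading_system_binary",
        event["host"],
        f"{name} ran from '{directory or '<no path>'}', expected '{expected}'",
    )


def check_log_cleared(event: Dict) -> Optional[Alert]:
    """Flag the (channel, event_id) pairs that record a log being cleared."""
    key = (str(event.get("channel", "")).lower(), event.get("event_id"))
    if key not in LOG_CLEARED_EVENTS:
        return None
    return Alert(
        "event_log_cleared",
        event["host"],
        f"{event.get('channel')} log cleared by {event.get('user', 'unknown')}",
    )


def detect(events: List[Dict]) -> List[Alert]:
    """Run every rule over every event and collect the alerts."""
    alerts: List[Alert] = []
    for ev in events:
        for rule in (check_masquerade, check_log_cleared):
            alert = rule(ev)
            if alert is not None:
                alerts.append(alert)
    return alerts


# Constructed sample telemetry: two benign records and two suspicious ones.
SAMPLE_EVENTS: List[Dict] = [
    {"host": "ws01", "channel": "Sysmon", "event_id": 1,
     "image": r"C:\Windows\System32\svchost.exe"},            # benign
    {"host": "ws01", "channel": "Security", "event_id": 4624,
     "user": "alice"},                                         # benign logon
    {"host": "ws02", "channel": "Sysmon", "event_id": 1,
     "image": r"C:\Users\Public\svchost.exe"},                 # masquerade
    {"host": "ws02", "channel": "Security", "event_id": 1102,
     "user": "alice"},                                         # log cleared
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a.rule}] {a.host}: {a.detail}")
```

Both rules are deliberately narrow: the path check only fires on an exact name match against the allow-list, and the log-cleared check keys on the documented event IDs rather than on message text, so the sample produces exactly two alerts and no noise from the benign records.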
Alternative Names
Sandworm Team, TEMP.Noble, Electrum, TeleBots, Quedagh Group, BE2 APT, Black Energy, Iridium, Hades, Voodoo Bear, Quedagh, Iron Viking, Grey Energy, G0034, IRON VIKING