APT34 Targets U.S. Enterprises with New SideTwist Trojan Variant
- Actor Motivations: Espionage, Exfiltration
- Attack Vectors: Malicious Macro, Malware, Trojan, Phishing
- Attack Complexity: Medium
- Threat Risk: Low Impact/High Probability
Threat Overview
APT34 has launched a new phishing campaign that uses a decoy document named “GGMS Overview.doc” to target U.S.-based enterprises. The campaign delivers a variant of the SideTwist Trojan to maintain long-term control over victim hosts: malicious macros in the document deploy the Trojan, which then communicates with a C&C server. Interestingly, the C&C IP address is registered to the United States Department of Defense Network Information Center. The Trojan can execute commands received from the C&C and exfiltrate local files. This suggests that APT34 may be running a test operation in order to conserve its attack resources.
Detected Targets
| Type | Description | Confidence |
|---|---|---|
| Region | United States | Medium |
Extracted IOCs
- 056378877c488af7894c8f6559550708
- 5e0b8bf38ad0d8c91310c7d6d8d7ad64
- 11[.]0.188.38
- hxxp://11[.]0.188.38:443/
Tip: 4 IOCs related to this threat have been found (1 IP, 0 domains, 1 URL, 0 emails, 2 file hashes).