Asylum Ambuscade: crimeware or cyberespionage?

The crimeware group targets bank customers and cryptocurrency traders in various regions, including North America and Europe, and Asylum Ambuscade is a cybercrime group that targets government agencies in Europe and Central Asia. It came to public attention in March 2022, a few weeks after the start of the Russia-Ukraine war, in connection with helping refugees, and the linked write-up provides details on several cybercrime campaigns from early 2022 to early 2023. Their implants are developed in scripting languages such as AutoHotkey, JavaScript, Lua, Python and VBS.

https://www.welivesecurity.com/2023/06/08/asylum-ambuscade-crimeware-or-cyberespionage/