Tony Anscombe’s Week in Security: The Intersection of Cybercrime and Cyberespionage

Asylum Ambuscade, a well-known cybercrime group that usually targets individuals and small to medium-sized businesses (SMBs) in North America and Europe, has broadened its criminal activity to include cyberespionage, according to a recent report by cybersecurity company ESET. The development is noteworthy because it is rare for a cybercriminal group to move into the area of cyberespionage.

ESET’s research reveals that Asylum Ambuscade is now targeting government officials in several European countries bordering Ukraine, as well as government officials and employees of state-owned companies in Central Asian countries and Armenia. This is a marked change from the group’s usual focus on individuals and SMBs.

The cybersecurity experts at ESET have been monitoring Asylum Ambuscade for some time and have reported on the group’s previous activities, such as using “social engineering” to trick victims into installing malware that could capture passwords or other information. Past victims of the group included bank customers and cryptocurrency traders. ESET first became aware of Asylum Ambuscade’s cyberespionage activities in late 2020; these involved a phishing campaign targeting government officials, as well as NGO employees and journalists.

In early 2021, Asylum Ambuscade changed its tactics again and started using sophisticated malware to hack into government networks, according to ESET. The group developed its own custom malware, which is designed to blend into the system it infects, making it harder to detect. It then uses stolen credentials to move around the network and gain access to sensitive data.

ESET’s report notes that Asylum Ambuscade has now become a “fully-fledged cyberespionage” group, which is a concerning development because government officials and infrastructure are usually the targets of nation-state hacking groups. It is not clear who Asylum Ambuscade is working for, although some cybersecurity experts have suggested that it may be affiliated with a nation-state actor. ESET researchers say that the group’s tactics and targets indicate that it is “likely to be politically motivated.”

The shift to cyberespionage may have been driven by financial gain or factors such as ideology or political influence, according to ESET. The cybercriminal group may be hoping to sell the sensitive information it has stolen, or it may be trying to influence the decisions of governments and organizations by compromising their confidential data.

ESET’s report emphasizes the need for government organizations and enterprises to take cybersecurity seriously and to implement measures to protect against both cybercrime and cyberespionage. The report states that “the lines are becoming increasingly blurred between cybercrime and cyberespionage. Cybercriminal groups can sometimes act on behalf of nation-states and vice versa.”

Asylum Ambuscade’s evolution from cybercrime to cyberespionage highlights a growing trend among cybercriminals to diversify their tactics. This trend is concerning because it makes it harder for law enforcement and security services to anticipate and prevent cyber threats. Asylum Ambuscade’s success in breaking into government networks and stealing sensitive information is a reminder of the need for organizations to remain vigilant and invest in cybersecurity measures.

In conclusion, ESET’s report sheds light on the evolving nature of cybercrime and the growing threat of cyberespionage. The expansion of Asylum Ambuscade’s activities into the realm of cyberespionage highlights the need for all organizations to remain vigilant and take steps to protect their sensitive information. The report also emphasizes the importance of international cooperation in fighting cybercrime and cyberespionage.
