Researchers at Mandiant said they first noticed the campaign last June while watching phishing attacks targeting their US customers. During this campaign, hackers attempted to infect targets with three new malware families named Touchmove, Sideshow and Touchshift by the company.
The hackers in these attacks also demonstrated new capabilities to counter endpoint detection by operating in the target’s cloud environments. Mandiant suspects that the UNC2970 hacker group is specifically targeting cybersecurity researchers.
Shortly after the discovery, Mandiant responded to multiple intrusions into the American and European media. To do this, hackers used phishing resumes to trick targets into opening the file and infecting their computers. More recently, the group has begun using fake LinkedIn accounts of so-called recruiters and moving from the media to cybersecurity companies.
“While the group has previously targeted the defense, media and tech industries, an attack on security researchers means a change in strategy or an expansion of their operations,” Mandiant researchers wrote.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
