Nebulous Mantis is a Russian-speaking cyber espionage group also tracked as Cuba, STORM-0978, Tropical Scorpius, and UNC2596. Since 2019 it has targeted critical infrastructure, governments, and NATO-linked entities using the RomCom RAT and Hancitor.
Its intrusions begin with spear-phishing that delivers RomCom; once inside, the group uses the implant for espionage, lateral movement, and data theft. It continuously rotates and rebuilds its C2 infrastructure, combining evasion techniques with bulletproof hosting to keep the implant reachable and to stay ahead of takedowns and detection.
Lures impersonate trusted services such as OneDrive to trick victims into downloading malicious files hosted on Mediafire. Intrusions then proceed in phases: initial access, privilege escalation, and data exfiltration, supported throughout by modular malware, living-off-the-land (LOTL) techniques, and evasive C2 infrastructure.
RomCom is used in multi-stage operations covering system profiling, credential harvesting, AD/domain enumeration, lateral movement, and staging of data for exfiltration. The group persists through registry manipulation and shows operational discipline in keeping its footprint small.
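The chain described above (a lure fetched from a file-hosting site, a registry autorun entry for persistence, then built-in tools for domain enumeration) can be hunted for in endpoint telemetry. The following is an added detection example written for this page, not code from the original report or from any vendor: the event records are constructed here and modelled loosely on Sysmon fields (EventID 1 process create, 13 registry value set, 22 DNS query), the field names are assumptions, and the heuristics use well-known autorun keys and LOTL enumeration commands rather than any group-specific indicator; only mediafire.com as a download host comes from the text.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (NOT real incident data). Field names follow Sysmon
# conventions as an assumption; any SIEM export with equivalent fields would do.
SAMPLE_EVENTS = [
    {"EventID": 22, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\OneDrive_Update.exe",
     "QueryName": "download1234.mediafire.com"},
    {"EventID": 13, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\OneDrive_Update.exe",
     "TargetObject": "HKU\\S-1-5-21-111\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDriveSync",
     "Details": "C:\\Users\\alice\\AppData\\Roaming\\svc\\svc.exe"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\nltest.exe",
     "CommandLine": "nltest /dclist:corp"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\net.exe",
     "CommandLine": "net group \"Domain Admins\" /domain"},
    {"EventID": 13, "Image": "C:\\Program Files\\Vendor\\installer.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Vendor\\Settings\\Path", "Details": "C:\\Program Files\\Vendor"},
    {"EventID": 22, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "QueryName": "onedrive.live.com"},
]

# Well-known autorun locations (generic persistence keys, not group-specific IOCs).
AUTORUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# File-hosting domains used to stage lures; the text names Mediafire.
FILE_HOST_SUFFIXES = ("mediafire.com",)
# Locations a freshly downloaded lure would typically run from or drop into.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.IGNORECASE)
# Built-in tools commonly used for AD/domain enumeration (assumed LOTL patterns).
AD_ENUM_PATTERNS = (
    ("nltest.exe", "/dclist"),
    ("nltest.exe", "/domain_trusts"),
    ("net.exe", "/domain"),
    ("net1.exe", "/domain"),
    ("dsquery.exe", ""),
)


def basename(path):
    """Last path component, lower-cased, for Windows-style paths."""
    return path.rsplit("\\", 1)[-1].lower()


def tag_event(ev):
    """Return the behaviour tags an event matches; an empty list means nothing notable."""
    tags = []
    eid = ev.get("EventID")
    if eid == 22:
        q = ev.get("QueryName", "").lower()
        if any(q == s or q.endswith("." + s) for s in FILE_HOST_SUFFIXES):
            tags.append("file_host_dns")
    elif eid == 13:
        if AUTORUN_KEY_RE.search(ev.get("TargetObject", "")):
            tags.append("autorun_persistence")
            if USER_WRITABLE_RE.search(ev.get("Details", "")):
                tags.append("autorun_points_to_user_path")
    elif eid == 1:
        img = basename(ev.get("Image", ""))
        cmd = ev.get("CommandLine", "").lower()
        if any(img == b and s in cmd for b, s in AD_ENUM_PATTERNS):
            tags.append("ad_enumeration")
    # Only enrich events that already matched something, to keep noise down.
    if tags and USER_WRITABLE_RE.search(ev.get("Image", "")):
        tags.append("source_in_user_writable_path")
    return tags


def hunt(events):
    """Correlate tags per originating process image. A single image that both resolved a
    file-hosting domain and wrote an autorun value is the download-then-persist chain and
    is raised as high severity; other matches are medium for analyst review."""
    by_image = defaultdict(set)
    for ev in events:
        for t in tag_event(ev):
            by_image[ev.get("Image", "")].add(t)
    alerts = []
    for image, tags in by_image.items():
        if {"file_host_dns", "autorun_persistence"} <= tags:
            alerts.append({"image": image, "severity": "high",
                           "reason": "file-host download followed by autorun persistence",
                           "tags": sorted(tags)})
        else:
            alerts.append({"image": image, "severity": "medium",
                           "reason": "suspicious behaviour", "tags": sorted(tags)})
    return alerts


if __name__ == "__main__":
    for a in hunt(SAMPLE_EVENTS):
        print(a["severity"].upper(), a["image"], a["reason"], a["tags"])
```

Correlating on the process image is what separates a real finding from noise: a DNS query to a file-hosting site or a Run-key write is each common on its own, but one user-writable binary doing both in sequence matches the lure-then-persist pattern the text describes and deserves immediate triage. Domain enumeration from built-in tools is flagged at lower severity because administrators run the same commands; tune `AD_ENUM_PATTERNS` to your environment's baseline.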