EclecticIQ
Ukraine War Related Cyberattack Risk Increases Outside the Main Conflict And Fluid Cybercriminal Marketplaces Maintain Strong User Bases

Cyberattacks leveraging Ukraine war themes signal expanding risk to organizations not directly involved in the primary conflict, and operations against online marketplaces advertising illicit goods are having little impact on the underlying cybercriminal ecosystems because of fluid user movement.

EclecticIQ Threat Research Team April 20, 2022


Threat Actor Update: Opportunistic and Strategic Information Gain Will Likely Drive Further APT Cyber Conflict Outside the Russia-Ukraine War

Since the beginning of April, EclecticIQ analysts have noted increased open-source reporting of APT groups using Ukraine war themes in phishing attacks targeting countries not directly participating in the conflict (1, 2, 3). APT groups with alleged links to China, Iran, North Korea, and an unidentified Spanish-speaking APT have been identified carrying out these attacks, in addition to Russia.

EclecticIQ analysts evaluate this behavior as typical of APT groups, which continually adjust their operations to remain effective and to breach new targets. As the war continues, its progression provides attention-grabbing themes that are used to direct cyberattacks at the users most likely to engage with that material. The majority of these APT attacks are aimed at information theft, judging by the malware used in the campaigns, which leans heavily toward remote access and information gathering, and by the initial access vectors.

Less common attacks are possibly aimed at strategic service disruption as part of a more complex State-on-State conflict (4, 5, 6, 7). The April 12 attack targeting a Bremen-based German wind power company represents the third attack on a German wind power company since the start of the war. This third attack is alleged to be linked to the war in Ukraine, based on initial comments from “experts” connected to the matter. It is possible that ransomware attacks will also serve as an extension of the strategic activities of APT groups connected to State interests, providing both disruption and strategic information gain.

New and Noteworthy: Law Enforcement Operations Chip Away at Illicit Markets With Little Effect

On February 27th, RaidForums’ primary command and control infrastructure was taken down and US law enforcement placed an announcement on the landing page (8). RaidForums was a very popular marketplace that often advertised illicit cyber-related activities. A separate law enforcement operation recently took down the Hydra marketplace (9). Many more dark marketplaces remain available on the open internet and via Tor.

These sanctioned operations demonstrate a degree of prioritization of official resources aimed at combating these prevalent websites. Targeted takedowns are very likely not to have a significant effect on the larger landscape for the exchange of illicit goods and data. The primary administrator of RaidForums started the service when he was about 14 years old, a very clear indication of how easily these markets are set up and maintained. Much like a literal hydra, dark marketplaces will continue to spring up in different forms, hosted in various countries, offering the same services, and end users will migrate to new sites with ease. A 2020 study of almost 40 million users’ activity across dark markets found that the ecosystem is resilient and largely sustained by fluid user migration (https://www.nature.com/articles/s41598-020-74416-y). Narrowing the time between identification and takedown of dark marketplaces is likely to provide a more effective deterrent for threat actors involved in creating and maintaining infrastructure.


References:

  1. https://www.sentinelone.com/labs/chinese-threat-actor-scarab-targeting-ukraine/
  2. https://thehackernews.com/2022/04/multiple-hacker-groups-capitalizing-on.html
  3. https://securityaffairs.co/wordpress/129982/apt/microsoft-court-order-apt28-attacks-ukraine.html
  4. https://www.butenunbinnen.de/nachrichten/cyberangriff-auf-deutsche-windtechnik-ag-bremen-102.html
  5. https://thehackernews.com/2022/04/russian-hackers-tried-attacking.html
  6. https://www.energate-messenger.com/news/221449/hackers-attack-nordex
  7. https://www-techtimes-com.cdn.ampproject.org/c/s/www.techtimes.com/amp/articles/272624/20220305/europe-cyberattack-results-massive-internet-outage-5-800-wind-turbines.htm
  8. https://www.bleepingcomputer.com/news/security/raidforums-hacking-forum-seized-by-police-owner-arrested/
  9. https://www.cyberscoop.com/hydra-market-sting-germany-bka/

Structured Data

Find the Analyst Prompt and earlier editions in our public TAXII collection for easy use in your security stack.

TAXII v1 Discovery services: https://cti.eclecticiq.com/taxii/discovery

You may also download the content in eiq_json, stix1_2 or stix2_1 format.

Please refer to our support page for guidance on how to access the feeds.
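As an added example, not EclecticIQ's code, the Python script below shows the TAXII 1.1 discovery exchange a client performs against the discovery URL given above: it builds a Discovery_Request with the headers the HTTPS and XML bindings require, then parses a Discovery_Response into the services it advertises and picks out the POLL service from which collection content is fetched. Element names, namespace and header URNs come from the TAXII 1.1 specification; the response is constructed for this example, and every address other than the discovery URL is a placeholder, not a real EclecticIQ endpoint.

```python
"""Added example (not EclecticIQ's code): a minimal TAXII 1.1 discovery exchange.

Namespace, element names and header URNs follow the TAXII 1.1 specification.
The sample response is constructed here and is not a capture from the real service.
"""
from __future__ import annotations

import secrets
import xml.etree.ElementTree as ET

TAXII_NS = "http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
ET.register_namespace("taxii_11", TAXII_NS)

DISCOVERY_URL = "https://cti.eclecticiq.com/taxii/discovery"  # URL from the page

# Headers a TAXII 1.1 client sends with the HTTPS protocol binding and XML message binding.
TAXII_HEADERS = {
    "Content-Type": "application/xml",
    "Accept": "application/xml",
    "X-TAXII-Content-Type": "urn:taxii.mitre.org:message:xml:1.1",
    "X-TAXII-Protocol": "urn:taxii.mitre.org:protocol:https:1.0",
    "X-TAXII-Services": "urn:taxii.mitre.org:services:1.1",
}


def qn(local: str) -> str:
    """Clark-notation tag for an element in the TAXII 1.1 namespace."""
    return f"{{{TAXII_NS}}}{local}"


def new_message_id() -> str:
    """Random numeric message id; TAXII 1.x servers commonly expect digits only."""
    return str(secrets.randbelow(10**18))


def build_discovery_request(message_id: str) -> bytes:
    """Serialise a Discovery_Request; the reply must echo message_id in in_response_to."""
    root = ET.Element(qn("Discovery_Request"), {"message_id": message_id})
    return ET.tostring(root, encoding="utf-8")


def parse_discovery_response(xml_bytes: bytes, expected_in_response_to: str) -> list[dict]:
    """Check the envelope and return the advertised service instances.

    The stdlib parser keeps the example offline; against an untrusted server,
    swap in defusedxml.ElementTree, which has the same fromstring() signature.
    """
    root = ET.fromstring(xml_bytes)
    if root.tag != qn("Discovery_Response"):
        raise ValueError(f"unexpected root element: {root.tag}")
    if root.get("in_response_to") != expected_in_response_to:
        raise ValueError("in_response_to does not match the request message_id")
    services = []
    for inst in root.findall(qn("Service_Instance")):
        services.append({
            "type": inst.get("service_type"),
            "available": inst.get("available", "true").lower() == "true",
            "protocol": inst.findtext(qn("Protocol_Binding")),
            "address": inst.findtext(qn("Address")),
            "message_bindings": [m.text for m in inst.findall(qn("Message_Binding"))],
        })
    return services


def poll_addresses(services: list[dict]) -> list[str]:
    """Addresses of available POLL services, where collection content is fetched from."""
    return [s["address"] for s in services if s["type"] == "POLL" and s["available"]]


# Constructed sample exchange: the DISCOVERY address is the URL from the page; the
# POLL address is a placeholder and not a real EclecticIQ endpoint.
SAMPLE_REQUEST_ID = "20220420000000001"
SAMPLE_RESPONSE = f"""<?xml version="1.0" encoding="UTF-8"?>
<taxii_11:Discovery_Response xmlns:taxii_11="{TAXII_NS}"
    message_id="900001" in_response_to="{SAMPLE_REQUEST_ID}">
  <taxii_11:Service_Instance service_type="DISCOVERY" service_version="urn:taxii.mitre.org:services:1.1" available="true">
    <taxii_11:Protocol_Binding>urn:taxii.mitre.org:protocol:https:1.0</taxii_11:Protocol_Binding>
    <taxii_11:Address>{DISCOVERY_URL}</taxii_11:Address>
    <taxii_11:Message_Binding>urn:taxii.mitre.org:message:xml:1.1</taxii_11:Message_Binding>
  </taxii_11:Service_Instance>
  <taxii_11:Service_Instance service_type="POLL" service_version="urn:taxii.mitre.org:services:1.1" available="true">
    <taxii_11:Protocol_Binding>urn:taxii.mitre.org:protocol:https:1.0</taxii_11:Protocol_Binding>
    <taxii_11:Address>https://taxii.example.invalid/poll</taxii_11:Address>
    <taxii_11:Message_Binding>urn:taxii.mitre.org:message:xml:1.1</taxii_11:Message_Binding>
  </taxii_11:Service_Instance>
</taxii_11:Discovery_Response>
""".encode("utf-8")

if __name__ == "__main__":
    print(build_discovery_request(new_message_id()).decode())
    services = parse_discovery_response(SAMPLE_RESPONSE, SAMPLE_REQUEST_ID)
    for svc in services:
        print(svc["type"], svc["address"], "available" if svc["available"] else "unavailable")
    print("poll at:", poll_addresses(services))
```

To run it against the live service, POST the bytes from build_discovery_request with TAXII_HEADERS to DISCOVERY_URL over HTTPS and hand the response body, together with the message id you sent, to parse_discovery_response; checking in_response_to before trusting the advertised addresses is what stops a stray or replayed response from redirecting your poll requests.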

About EclecticIQ Threat Research

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services. Headquartered in Amsterdam, the EclecticIQ Threat Research team is made up of experts from Europe and the U.S. with decades of experience in cyber security and intelligence in industry and government.

We would love to hear from you. Please send us your feedback by emailing us at research@eclecticiq.com.


© 2014 – 2022 EclecticIQ B.V.