Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation Greenbug Telecom Providers

Telecommunication companies in South Asia were targeted by the Greenbug espionage group with multiple backdoors, webshells, and stagers to steal credentials and sensitive information. The threat actor used malicious CHM files as the initial infection vector and legitimate sysadmin tools such as Plink and Bitvise to proxy connections back to command and control servers. During the operation, the group also used legitimate tools including Mimikatz, Cobalt Strike, and Metasploit, as well as various local tools on the infected system such as PowerShell, WMI, and the BITS administration utility.

| Name | Modified Date | Sources |
| --- | --- | --- |
| Operation Greenbug Telecom Providers | 2020-05-21 | |