Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation DRBControl

A cyberespionage campaign targeting the gambling sector in Asia was discovered using a range of tools to exfiltrate sensitive information, including source code and databases, from its victims. The threat actor behind the operation used various keyloggers, backdoors, and post-exploitation tools to carry out the attacks. The initial infection vector was spear-phishing emails carrying malicious documents, aimed at the support teams of the targeted companies. The APT group used multiple techniques, including PowerShell, WMI, obfuscation, process injection, and masquerading, for persistence, defense evasion, privilege escalation, and lateral movement.
Name | Modified Date | Sources
Operation DRBControl | 2020-02-24 |