Menlo Security Exposes Three New Nation-State Campaigns
June 27, 2024 - 7:00 AM
Business Wire
State-sponsored threat actors seen employing
evasive techniques to target government, banking, and healthcare
organizations
Menlo Security, a leader in browser security, today released its
latest report, “Global Cyber Gangs,” which uncovered three novel
nation-state campaigns employing highly evasive and adaptive threat
(HEAT) attack techniques. The report highlights state-sponsored
threat actors' growing sophistication and shifting behavior and
describes how their novel techniques evade traditional security
controls.
In a recent 90-day period, Menlo Labs uncovered a trifecta of
sophisticated HEAT campaigns—LegalQloud, Eqooqp, and
Boomer—compromising at least 40,000 high-value users,
including C-suite executives from major banking institutions,
financial powerhouses, insurance giants, legal firms, government
agencies, and healthcare providers. The breadth and depth of these
breaches signal an alarming escalation in cyber warfare, all
detailed in this report.
“This year, state-sponsored cyberattacks such as these have
impacted at least one-third of American citizens,” said Andrew
Harding, Vice President of Security Strategy at Menlo Security.
“State-sponsored cyberattacks are a looming cloud over security
leaders, and our research shows that they have been growing in both
sophistication and scale. One thing is clear: attackers are moving
fast and refreshing their tactics to target the browser, and
traditional security controls such as SSE or SWG are letting these
attacks slip through the cracks.”
Menlo Labs identified these novel campaigns:
- LegalQloud, hosted on Tencent Cloud (the largest Internet
company in China), impersonates legal firms to steal Microsoft
credentials, targeting governments and investment banks in North
America. Menlo Labs discovered 500 enterprises targeted by this
campaign in a 90-day period; the campaign bypasses URL
categorization and block lists.
- Eqooqp can defeat multifactor authentication (MFA) and
targets a range of government and private sector organizations,
including logistics, finance, petroleum, manufacturing, higher
education, and research. Nearly 50,000 attacks associated with this
campaign have been detected and stopped by Menlo Cloud in recent
months.
- Boomer is an intricate phishing campaign targeting
sectors such as government and healthcare. In Boomer attacks, the
threat actor employs advanced evasive techniques including dynamic
phishing sites, custom HTTP headers, tracking cookies, bot
detection countermeasures, encrypted code, and server-side
generated phishing pages.
Other key findings surrounding these campaigns include:
- 60% of malicious links clicked by a user are attributed to
phishing or fraud.
- 25% of phishing links clicked by the user go undetected by
legacy URL filtering.
- Microsoft is the most impersonated brand across
industries.
The Menlo Security findings presented in this report reveal the
increasing sophistication and alarming prevalence of evasive
attacks by nation-state actors, capable of bypassing MFA using
Adversary in the Middle (AiTM) kits. Leveraging unique and
early-stage telemetry from within the Menlo Cloud, Menlo Security
developed effective defenses against these HEAT attacks. The Menlo
Secure Cloud Browser, with HEAT Shield phishing prevention, offers
real-time protection by executing web requests in the cloud. This
eliminates the browser attack surface, preventing malicious
activities from ever reaching endpoints.
Download the Global Cyber Gangs Report to read the full
findings, including which specific tactics each campaign used, the
verticals they are targeting, and how these evasive techniques are
evolving.
To learn more about the role of browser security in eliminating
the risk of highly evasive threats, visit Menlo Security’s platform
overview page or schedule a demo.
About Menlo Security
Menlo Security protects organizations from cyber threats that
attack web browsers. Menlo Security’s patented Cloud-Browser
Security Platform scales to provide comprehensive protection across
enterprises of any size, without requiring endpoint software or
impacting the end-user experience. Menlo Security is trusted by
major global businesses, including Fortune 500 companies, eight of
the ten largest global financial services institutions, and large
governmental institutions. The company is backed by Vista Equity
Partners, Neuberger Berman, General Catalyst, American Express
Ventures, Ericsson Ventures, HSBC, and JPMorgan Chase. Menlo
Security is headquartered in Mountain View, California. For more
information, please visit www.menlosecurity.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240627117009/en/
Emily Ashley Lumina Communications for Menlo Security
Menlo@luminapr.com