Using this stolen data, the threat actor has the ability to return to prior victims even after initial incident response. Muddled Libra has shown a penchant for targeting a victim’s downstream customers using stolen data and, if allowed, they will return repeatedly to the well to refresh their stolen dataset. Once established, this threat group is difficult to eradicate. Their knowledge of incident response allows them to continue progressing toward their goals even as incident responders attempt to expel them from an environment.

The Muddled Libra threat group has also repeatedly demonstrated a strong understanding of the modern incident response (IR) framework. When an attack path is blocked, they have either rapidly pivoted to another vector or modified the environment to allow their favored path. In the incidents the Unit 42 team has investigated, Muddled Libra has been methodical in pursuing their goals and highly flexible with their attack strategies. Their arsenal ranges from hands-on social engineering and smishing attacks to proficiency with niche penetration testing and forensics tools, giving this threat group an edge over even a robust and modern cyber defense plan. Muddled Libra investigations demonstrate the use of an unusually large attack toolkit.