How An Attacker's Blunder Gave Us a Rare Look Inside Their Day-to-Day Operations
20 hours ago
- #reconnaissance
- #AI-workflows
- #threat-actor
- A threat actor accidentally installed Huntress on their own machine, giving Huntress a detailed look into their operations.
- The attacker found Huntress through a Google ad while researching security solutions, including Bitdefender and Malwarebytes.
- Huntress identified the attacker through distinctive machine names and a browser history that included phishing activity and searches for Evilginx, an adversary-in-the-middle phishing framework.
- The attacker used automation and AI tooling, including Make.com, to automate workflows such as translating messages and generating data.
- Evidence showed the attacker researching residential proxies, scraping Telegram data, and targeting banks and real estate companies.
- The attacker conducted extensive reconnaissance on target companies, their customers, and their third-party vendors using tools like BuiltWith, a service that profiles the technologies a website is built on.
- Huntress observed the attacker's daily activities, including using Google Translate to craft phishing content and accessing dark web markets like STYX.
- The attacker spent significant time on banking websites, particularly in Nigeria, and interacted with Huntress' dashboard after starting a trial.
- Huntress gathered intelligence on more than 2,471 compromised identities and used the attacker's observed methods to improve its detection capabilities.
- The incident provided rare insights into a threat actor's workflow, tools, and targeting strategies over a three-month period.