TunnelSnake

Also known as: TunnelSnake

Origin: CN
Known aliases: 1

Profile

The TunnelSnake campaign demonstrates the activity of a sophisticated actor that invests significant resources in designing an evasive toolset and infiltrating the networks of high-profile organizations. By leveraging Windows drivers, covert communication channels and proprietary malware, the group behind it maintains a considerable level of stealth. That said, some of its TTPs, such as the use of a commodity webshell and open-source legacy code for loading unsigned drivers, can be detected and were in fact flagged by Kaspersky's product, giving Kaspersky visibility into the group's operation.

Aliases (1)

TunnelSnake

References

  1. https://www.redpacketsecurity.com/operation-tunnelsnake/
  2. https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  - Snake Ransomware (Software)
  - Snake Wine (Actor)
  - DarkHotel (Actor)
  - RAZOR TIGER (Actor)
  - Scarred Manticore (Actor)
  - UNC2659 (Actor)

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.