
ESET Research deconstructs Asylum Ambuscade: group focused on cybercrime, cyberespionage and attacking countries bordering Ukraine

  • Asylum Ambuscade has been operating since at least 2020.
  • It is a crimeware group that targets individuals, small and medium businesses, bank customers, and cryptocurrency traders in various regions, including North America and Europe.
  • Asylum Ambuscade also performs espionage against government entities in Europe and Central Asia: in 2022, the group reportedly targeted government officials in several European countries bordering Ukraine.

BRATISLAVA, MONTREAL — June 8, 2023 — Today, ESET Research released its analysis of Asylum Ambuscade, a cybercrime group that has been performing cyberespionage operations on the side. The group has been running cyberespionage campaigns since at least 2020. ESET found previous compromises of government officials and employees of state-owned companies in Central Asian countries and Armenia. In 2022 the group reportedly targeted government officials in several European countries bordering Ukraine. ESET Research assesses that the goal of the attackers was to steal confidential information and webmail credentials from official government webmail portals. Asylum Ambuscade usually targets small- and medium-sized businesses (SMBs) and individuals in North America and Europe.

“It appears Asylum Ambuscade is branching out, running some recent cyberespionage campaigns on the side, against governments in Central Asia and Europe from time to time. It is quite unusual to catch a cybercrime group running dedicated cyberespionage operations, and as such we believe that researchers should keep close track of its activities,” explains ESET researcher Matthieu Faou, who investigated the activities of the group.

In 2022, when the group targeted government officials in several European countries bordering Ukraine, the compromise chain started with a spearphishing email containing a malicious Excel spreadsheet or Word document attachment. If the machine was deemed interesting, the attackers eventually deployed AHKBOT, a downloader that can be extended with plugins to spy on the victim’s machine. These plugins provide various capabilities, including taking screenshots, recording keystrokes, stealing passwords from web browsers, downloading files and executing an infostealer.

Even though the group entered the spotlight because of its cyberespionage operations, it has mostly run cybercrime campaigns since early 2020. Since January 2022, ESET Research has counted more than 4,500 victims worldwide. While most of these are located in North America, it should be noted that we have also seen victims in Asia, Africa, Europe and South America. Targeting is very wide and mainly includes individuals, cryptocurrency traders, bank customers, and SMBs in various verticals.

“Asylum Ambuscade’s crimeware compromise chain is, overall, very similar to the one we see for their cyberespionage campaigns. The main difference is the compromise vector, which could be a malicious Google Ad redirecting to a website delivering a malicious JavaScript file or multiple HTTP redirections,” adds Faou.

For more technical information about Asylum Ambuscade, check out the blogpost “Asylum Ambuscade – A curious case of a threat actor at the border between crimeware and cyberespionage” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.
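The compromise chain described above starts with a spearphishing email carrying an Excel or Word attachment. The following triage script is an added example (not ESET's code and not derived from the samples in their analysis): it walks the attachments of a raw email, flags Office documents, and additionally reports whether an OOXML file embeds a VBA project part. That the documents in this campaign used VBA macros is an assumption for the sake of the example; the press release does not say how the documents execute. The email and the document payloads are constructed inline so the script runs offline.

```python
"""Mail-gateway triage for Office attachments (added example, not ESET's code).

Assumption (not stated in the press release): the malicious Office files are
OOXML documents that carry a VBA project. The sample message and the sample
document are constructed here for the example.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions commonly used for the Excel/Word attachments described above.
OFFICE_EXTENSIONS = {".xls", ".xlsx", ".xlsm", ".doc", ".docx", ".docm"}
# OOXML stores VBA code as a binary part, e.g. word/vbaProject.bin or xl/vbaProject.bin.
VBA_PART_SUFFIX = "vbaProject.bin"


def has_vba_project(data: bytes) -> bool:
    """Return True if an OOXML (zip container) payload embeds a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.endswith(VBA_PART_SUFFIX) for name in zf.namelist())
    except zipfile.BadZipFile:
        # Legacy binary (OLE) Office files are not zip containers; this simple
        # check cannot inspect them, so report no VBA part rather than guessing.
        return False


def triage_message(raw: bytes) -> list[dict]:
    """Return one finding per Office attachment found in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        if ext not in OFFICE_EXTENSIONS:
            continue
        payload = part.get_payload(decode=True) or b""
        findings.append({"filename": name, "vba_project": has_vba_project(payload)})
    return findings


def build_sample_docm(with_vba: bool) -> bytes:
    """Construct a minimal OOXML-shaped zip for the example (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder VBA part
    return buf.getvalue()


def build_sample_message(attachment_name: str, attachment: bytes) -> bytes:
    """Construct a sample spearphishing-style email with one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"      # constructed address
    msg["To"] = "official@example.invalid"      # constructed address
    msg["Subject"] = "Constructed sample"
    msg.set_content("Please review the attached document.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample_message("invoice.docm", build_sample_docm(with_vba=True))
    for finding in triage_message(sample):
        print(finding)  # → {'filename': 'invoice.docm', 'vba_project': True}
```

In a real gateway this check would only be one signal: an Office attachment without a VBA part can still abuse external template links or OLE objects, so the finding is meant to route a message to sandboxing, not to decide on its own.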

Geographical distribution of victims since January 2022.


About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Setting your office to autopilot

How do you want your IT team to spend their valuable time?

Do you want them to prioritize the big ticket, business critical projects such as keeping your business secure and optimizing your internal systems, continuing to add value to your company?

Or do you want them to spend hour after hour (after hour) responding to the backlog of little time-sink tasks that stack up through the day? The “can you add my new job title to my email?” or the “John’s just joined but he can’t access…”

With CloudM Automate, you can put thousands of tasks a year on autopilot, saving days worth of work hours and allowing your team to concentrate on the important, interesting challenges keeping your organization moving forward.

Onboarding

When a new employee joins the business, or an employee moves to a new role, we want them to hit the ground running. Nothing stalls this enthusiasm more than having to wait for access to the resources that they need.

With CloudM Automate, you can make sure that they have access to all the shared documents, drives and calendars required for their role and department, on day one. All you have to do is make sure they are added to the correct dynamic user group.

You don’t need to go into each resource that they need and share it with the new starter. A 30-minute slog is now down to 2 minutes, at most!

Offboarding

When it comes time to say goodbye to an employee, a lot of individual tasks land in your IT team’s inbox. For example, you need to secure the user’s account (including changing passwords), transfer the ownership of Docs, Sites, Calendars and Groups, migrate emails, and claim back licenses. Even a simple manual offboarding process can take up roughly 30 minutes of your IT team’s valuable time.

CloudM Automate allows you to craft bespoke offboarding workflows of up to 30 individual tasks, automatically assigned to users based on group membership, all triggered with the press of a single button. No more delays, no more errors, no more manual tasks.

Archive

You need to keep your leavers’ data. It’s as simple as that. Whether it’s to comply with domestic or global data regulations such as GDPR, or just so you can recall a piece of crucial evidence as part of a legal or HR issue.

CloudM Archive allows you to make sure you are always sending your users’ data to a secure cloud storage bucket, 100% owned and managed by you, as part of an offboarding workflow. When it comes time to delete archived data, in accordance with data retention laws, CloudM Archive automatically purges it based on retention policies.

You will be 100% compliant with none of the manual hassle.

***Added Bonus*** Storing your data in the cloud with CloudM Archive is up to 75% cheaper than using Google Archive User licenses so you will save time AND money.

Integrations

CloudM Automate plays well with a host of other SaaS applications including Slack, Box, Dropbox, Bamboo HR and ADP, giving you even more ways to put menial tasks on autopilot.


The first way we do this is to allow you to secure and delete SaaS licenses assigned to a leaver as a simple, single step in your offboarding workflows. This is great for making sure that leavers no longer have access to your company data, but it will also save you money on unused SaaS licenses.

Then, secondly, we have integrations that allow you to make changes to a user’s profile in one SaaS application and have them automatically sync to CloudM Automate. Even better, these changes can automatically trigger onboarding and offboarding workflows, and email signature changes.

Email Signature Management

Any recently promoted or hired employee needs to update their email signature, but instead of hassling the IT department with a ticket, what if it was all done automatically? We use “variable” labels in our templates that take the latest synced information from a user’s CloudM profile or your organization profile.

In fact, with the integrations mentioned in the section above, your HR team can even change the details directly in Bamboo HR or ADP (as they would have to do normally), with the changes syncing over to CloudM Automate, and triggering changes to the user’s email signature. With ZERO interaction from your IT team required.

Also, our role permissions mean you can give the right people the right access to our platform. IT admins can give a Marketing or HR team the permissions to create and assign email signatures, without allowing access to any other administrative features, such as onboarding, offboarding and archive.

Streamline your business with CloudM Automate, the award-winning platform that gives you the ability to automate your office, saving you time, stress and money. 

Contact us today and discover for yourself just how valuable office automation can be.

About CloudM
CloudM is an award-winning SaaS company whose humble beginnings in Manchester have grown into a global business in just a few short years.

Our team of tech-driven innovators have designed a SaaS data management platform for you to get the most from your digital workspace. Whether it’s Microsoft 365, Google Workspace or other SaaS applications, CloudM drives your business through a simple, easy-to-use interface, helping you to work smarter, not harder.

By automating time-consuming tasks like IT admin, onboarding & offboarding, archiving and migrations, the CloudM platform takes care of the day-to-day, allowing you to focus on the big picture.

With over 35,000 customers including the likes of Spotify, Netflix and Uber, our all-in-one platform is putting office life on auto-pilot, saving you time, stress and money.

23.6.0 ‘Voyager’ released

Changes compared to 23.5.0

NOTICE: The “Run when PC Starts” option will now also apply to devices waking up from Sleep

New Features

  • Protected Items defined by Policy can now optionally remain linked for future changes
  • Added several new admin permissions to allow a global admin to help prevent a tenant admin from seeing the Comet service or storage provider types in use. The global admin can hide server history and server info widgets on the dashboard, prevent creation of storage via templates or custom storage, and can also filter the list of allowed cloud storage providers

About Comet
We are a team of dedicated professionals committed to developing reliable and secure backup solutions for MSPs, businesses and IT professionals. With over 10 years of experience in the industry, we understand the importance of having a reliable backup solution in place to protect your valuable data. That’s why we’ve developed a comprehensive suite of backup solutions that are easy to use, scalable and highly secure.
