Cybereason Labs Analysis: Operation Cobalt Kitty

A large-scale APT in Asia carried out by the OceanLotus group

By: Assaf Dahan

Dubbed Operation Cobalt Kitty, the APT targeted a global corporation based in Asia with the goal of stealing proprietary business information.

The threat actor targeted the company’s top-level management, using sophisticated spear-phishing as the initial penetration vector and ultimately compromising the computers of vice presidents, senior directors and other key personnel in the operational departments.

High-level attack outline:

  • Phase one: Fileless operation (PowerShell and Cobalt Strike payloads)
  • Phase two: Backdoors exploiting DLL hijacking and using DNS tunneling
  • Phase three: Novel Outlook backdoor and lateral movement spree
  • Phase four: New arsenal and attempt to restore PowerShell infrastructure
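The DNS tunneling used in phase two is typically easiest to spot in resolver or DNS-server query logs rather than on the endpoint. The following is an added example, not code from Cybereason or from the report, showing the heuristics a defender would profile per domain: many unique, high-entropy subdomains, unusually long labels, and a skew toward TXT/NULL record types. It assumes a whitespace-separated "timestamp client qname qtype" log format and treats the last two labels as the registrable domain (a simplification; production code would use a public-suffix list). The log lines and the hex-encoded labels are constructed for the example.

```python
"""Heuristic DNS-tunneling profiler over constructed DNS query log lines."""
import math
from collections import Counter, defaultdict

# Constructed 48-character hex labels standing in for encoded C2 data. Each
# hex digit appears exactly three times, so their Shannon entropy is exactly
# 4.0 bits, the maximum for a 16-symbol alphabet.
_P = ["0a1b2c3d4e5f6789", "f0e1d2c3b4a59687",
      "9876543210fedcba", "abcdef0123456789"]
TUNNEL_LABELS = [_P[i] + _P[(i + 1) % 4] + _P[(i + 2) % 4] for i in range(4)]

# Constructed sample log; assumed format "timestamp client qname qtype".
# example.com/.org carry ordinary traffic (including a benign TXT lookup and
# a CDN with several low-entropy subdomains); example.net is the tunnel.
SAMPLE_LOG = [
    "2017-01-10T08:00:01 10.1.1.25 www.example.com A",
    "2017-01-10T08:00:02 10.1.1.25 mail.example.com MX",
    "2017-01-10T08:00:03 10.1.1.25 _dmarc.example.com TXT",
    "2017-01-10T08:00:04 10.1.1.31 cdn1.example.org A",
    "2017-01-10T08:00:05 10.1.1.31 cdn2.example.org A",
    "2017-01-10T08:00:06 10.1.1.31 cdn3.example.org A",
    "2017-01-10T08:00:07 10.1.1.31 cdn4.example.org A",
] + [f"2017-01-10T08:01:{i:02d} 10.1.1.40 {lbl}.example.net TXT"
     for i, lbl in enumerate(TUNNEL_LABELS)]


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty or uniform input)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def parse_line(line: str) -> dict:
    """Split one log line; assumes the registrable domain is the last two labels."""
    ts, client, qname, qtype = line.split()
    labels = qname.rstrip(".").lower().split(".")
    return {"ts": ts, "client": client, "qtype": qtype.upper(),
            "base": ".".join(labels[-2:]), "sub": ".".join(labels[:-2])}


def profile_domains(lines):
    """Aggregate per-registrable-domain features from raw log lines."""
    stats = defaultdict(lambda: {"queries": 0, "subs": set(),
                                 "entropy_sum": 0.0, "max_label": 0, "txt_null": 0})
    for line in lines:
        if not line.strip():
            continue
        q = parse_line(line)
        d = stats[q["base"]]
        d["queries"] += 1
        d["subs"].add(q["sub"])
        # Entropy over the subdomain characters, ignoring label separators.
        d["entropy_sum"] += shannon_entropy(q["sub"].replace(".", ""))
        d["max_label"] = max(d["max_label"],
                             max((len(l) for l in q["sub"].split(".")), default=0))
        if q["qtype"] in ("TXT", "NULL"):
            d["txt_null"] += 1
    return stats


def flag_tunnels(stats, min_unique=4, min_entropy=3.0, max_label=40,
                 txt_ratio=0.8, min_indicators=2):
    """Return {domain: [reasons]} for domains hitting at least min_indicators."""
    flagged = {}
    for base, d in stats.items():
        avg_entropy = d["entropy_sum"] / d["queries"]
        reasons = []
        if len(d["subs"]) >= min_unique and avg_entropy >= min_entropy:
            reasons.append(f"{len(d['subs'])} unique subdomains, "
                           f"avg entropy {avg_entropy:.2f} bits")
        if d["max_label"] > max_label:
            reasons.append(f"label length {d['max_label']} exceeds {max_label}")
        if d["txt_null"] / d["queries"] >= txt_ratio:
            reasons.append(f"{d['txt_null']}/{d['queries']} queries are TXT/NULL")
        # Requiring two independent indicators keeps a lone SPF/DMARC TXT
        # lookup or a busy CDN from being reported on its own.
        if len(reasons) >= min_indicators:
            flagged[base] = reasons
    return flagged


if __name__ == "__main__":
    for domain, reasons in flag_tunnels(profile_domains(SAMPLE_LOG)).items():
        print(domain, "->", "; ".join(reasons))
```

Thresholds are starting points, not tuned values: baseline them against a week of your own resolver logs, and expect legitimate high-entropy traffic (anti-malware telemetry, some CDN and cloud-storage hostnames) to need allow-listing before alerting on a single domain is useful.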

To read the detailed analysis, download Operation Cobalt Kitty ... Meow.