Security News > 2021 > March > Researchers Dive into the Operations of SilverFish Cyber-Espionage Group
Researchers with the PRODAFT Threat Intelligence Team took a deep dive into the operations of the SilverFish cyber-espionage group and linked one of its command and control servers with recent high-profile malicious attacks.
The investigation, which started from indicators of compromise published for the December 2020 SolarWinds attacks, has led the researchers to identifying a new advanced persistent threat group called SilverFish, which has conducted cyber-attacks on at least 4,720 targets worldwide.
Extremely well-organized, the researchers claim the group is believed to have close connections with the SolarWinds attacks, as well as with EvilCorp, the Russian-speaking cyber-crime group that operates TrickBot, Dridex, and other well-known malware families.
The researchers also note that the group is mainly focused on reconnaissance and data exfiltration, that it is well organized, that they have developed a malware detection sandbox that leverages actual live victim servers, and that, although the investigation focused on US and Europe, the group has ongoing campaigns in other parts of the world as well.
"Considering the change frequency of the domains, we believe that the SilverFish group has more than thousand already compromised web sites which are rotated almost every other day. Our research also shows that significant number of the compromised websites were using WordPress," the report reads.
The SilverFish group, the researchers say, appears involved in multiple ongoing operations that employ the same tools, tactics, and procedures, but target different regions, for different motives.