Security News > 2023 > June > Asylum Ambuscade hackers mix cybercrime with espionage
A hacking group tracked as 'Asylum Ambuscade' was observed in recent attacks targeting small to medium-sized companies worldwide, combining cyber espionage with cybercrime.
ESET has published a new report on the actor today, disclosing more details about last year's Asylum Ambuscade operations and highlighting updates on its victimology and toolset.
Asylum Ambuscade typically launches its attacks with spear-phishing emails sent to targets, carrying malicious document attachments that run malicious VBS code, and after June 2022, an exploit for CVE-2022-30190.
Asylum Ambuscade maintains an almost perplexingly broad targeting scope in 2023, targeting bank customers, cryptocurrency traders, government entities, and various small and medium businesses across North America, Europe, and Central Asia.
ESET has counted 4,500 victims since it started tracking Asylum Ambuscade in January 2022, equating to roughly 265 victims/month, making this a very prolific threat actor and a severe threat to organizations worldwide.
In conclusion, Asylum Ambuscade's specific operational goals remain unclear.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-01 | CVE-2022-30190 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. | 7.8 |