“Through prompting, they conduct reconnaissance, create lures for social engineering, and seek answers to basic technical questions for post-compromise activity and C2 infrastructure setup,” GTIG explained in its report.

North Korea-linked groups blend espionage with revenue generation through IT worker infiltration schemes at defense firms.

Google has described attacks conducted by APT45 against defense, automotive manufacturing, and semiconductor companies in South Korea; APT43 attacks impersonating defense entities in the US and Germany; and UNC2970 campaigns leveraging the Gemini chatbot for OSINT and campaign planning.

Operations attributed to Iran, including activity clusters tracked as UNC1549 and UNC6446, have leveraged spoofed recruitment portals and job offers to deploy malware.

“GTIG has identified fake job descriptions, portals, and survey lures hosted on UNC1549 infrastructure masquerading as aerospace, technology, and thermal imaging companies, including drone manufacturing entities, to likely target personnel interested in major defense contractors,” GTIG said.

As for hacktivists, pro-Russia and pro-Iran groups have been observed conducting DDoS attacks, doxxing, and hack-and-leak campaigns.

The GTIG report also covers ransomware attacks, which disrupt manufacturing supply chains and amplify broader defense vulnerabilities. For several years manufacturing has been the most targeted sector in ransomware attacks.

The report stresses that threats increasingly target soft vectors such as hiring processes, personal emails and devices, and unmanaged edge appliances, often using methods that enable the attackers to evade detection by traditional security systems.

Google recommends proactive integration of threat intelligence into hunting, resilient architecture design, and expanded visibility across personnel, suppliers, and perimeter systems to counter these multi-vector attacks.

Source: SecurityWeek