Members of Iron Liberty, a cyber espionage group operating from Russia, have been using a novel attack technique dubbed “man-on-the-side” (MOTS) in order to install malware on targeted systems, research by Secureworks has found.
MOTS resembles the well-known man-in the-middle (MITM) attack in which a threat actor covertly relays and potentially tampers with the seemingly direct communications between two victims on a network. However, unlike MITM attacks where attackers put themselves in between the communications, “with MOTS, the attacker has sufficient access to observe and inject traffic which through timing/bandwidth is consumed by the victim before the legitimate reply arrives,” Don Smith of Secureworks explains.
Read more: Russian Threat Group May Have Devised a ‘Man-on-the-Side’ Attack