Security researchers at Sygnia reported observing attacks from a sophisticated threat actor that resemble an earlier Australian campaign against high-profile public and private entities. According to the researchers, the campaign that targeted Australia last year seems to have shifted its focus to the US. The attacks rely almost exclusively on memory-resident malware, according to Sygnia. The attacker, dubbed Praying Mantis, has been attacking Windows Internet Information Services (IIS) environments and web applications to gain initial access.
Sygnia stated that the attacks have been going on since at least last June and that the motivation behind the campaign appears to be cyber-espionage for a state-backed entity. Although it has not been determined which state is responsible for the attacks, Sygnia says that reports from the Australian campaign suggest the activity is linked to China. The attacker's level of sophistication and the highly persistent nature of the attacks suggest that the operation is large, according to Sygnia. It is unclear which US entities have been targeted.
Read More: Praying Mantis Threat Group Targeting US Firms in Sophisticated Attacks