Lyceum mass backdoor attacks
Building on the comprehensive analysis by ClearSky and Kaspersky, ACTI and PACT researched these campaigns using Prevailion's network telemetry overlaid with ACTI's technical understanding of Lyceum backdoor communication. The joint ACTI/PACT research team identified additional web-based infrastructure used by Lyceum, which corroborated previous reporting, and identified six domains with a previously unknown connection to Lyceum (five of which are currently registered). This research eventually fueled Prevailion's ability to take over more than 20 Lyceum domains, which provided network telemetry of ongoing compromises.
Analysis of this telemetry, enriched and corroborated with host-based data, allowed the team to identify additional victims and provide further visibility into Lyceum's targeting methodology.