The Hacker NewsTHN:E9A6FFB34DA1C49F512A7AE269951D50Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.908 High
EPSS
Percentile
98.3%
Cybersecurity researchers have unmasked the identity of one of the individuals who is believed to be associated with the e-crime actor known as XE Group.
According to Menlo Security, which pieced together the information from different online sources, βNguyen Huu Tai, who also goes by the names Joe Nguyen and Thanh Nguyen, has the strongest likelihood of being involved with the XE Group.β
XE Group (aka XeThanh), previously documented by Malwarebytes and Volexity, has a history of carrying out cyber criminal activities since at least 2013. Itβs suspected to be a threat actor of Vietnamese origin.
Some of the entities targeted by the threat actor span government agencies, construction organizations, and healthcare sectors.
Itβs known to compromise internet-exposed servers with known exploits and monetize the intrusions by installing password theft or credit card skimming code for online services.
βAs far back as 2014, the threat actor was seen creating AutoIT scripts that automatically generated emails and a rudimentary credit card validator for stolen credit cards,β the cybersecurity company said.
Earlier this March, U.S. cybersecurity and intelligence authorities revealed XE Groupβs attempts to exploit a critical three-year-old security flaw in Progress Telerik devices (CVE-2019-18935, CVSS score: 9.8) to obtain a foothold.
UPCOMING WEBINAR
π Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!
The adversary has also attempted to gain access to corporate networks in the past through phishing emails sent out using fraudulent domains mimicking legitimate companies such as PayPal and eBay.
Besides camouflaging .EXE files as .PNG files to avoid detection, select attacks have employed a web shell dubbed ASPXSpy to gain control of vulnerable systems.
βXE Group remains a continued threat to various sectors, including government agencies, construction organizations, and healthcare providers,β the researchers said.
Found this article interesting? Follow us on Twitter ο and LinkedIn to read more exclusive content we post.
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.908 High
EPSS
Percentile
98.3%