REF7707

REF7707 is an intrusion set tracked by Elastic Security Labs. According to researchers, the group is a highly capable, novel intrusion set with well-engineered capabilities but inconsistent campaign management and evasion practices. The group uses novel malware families, including FINALDRAFT, GUIDLOADER and PATHLOADER, alongside heavy use of cloud and third-party services for command and control (C2).

Elastic Security Labs observed the group targeting the foreign ministry of a South American country and also noted links to intrusions in Southeast Asia.

REF7707 Threat Reports

Report

From South America to Southeast Asia: The Fragile Web of REF7707

REF7707 is an advanced and persistent threat actor tracked by Elastic Security Labs. The group has been observed actively targeting the foreign ...
