Inception Framework  (Back to overview)

This threat actor uses spear-phishing techniques to target private-sector energy, defense, aerospace, research, and media organizations and embassies in Africa, Europe, and the Middle East, for the purpose of espionage.

---

Associated Families

---

References

2019-08-12 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20190812:recent:3a35688, author = {GReAT}, title = {{Recent Cloud Atlas activity}}, date = {2019-08-12}, organization = {Kaspersky Labs}, url = {https://securelist.com/recent-cloud-atlas-activity/92016/}, language = {English}, urldate = {2019-12-20} } Recent Cloud Atlas activity PowerShower

2019 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker @online{tracker:2019:inception:112e0c0, author = {Cyber Operations Tracker}, title = {{Inception Framework}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/inception-framework}, language = {English}, urldate = {2019-12-20} } Inception Framework Inception Framework

2018-11-05 ⋅ Palo Alto Networks Unit 42 ⋅ Tom Lancaster @online{lancaster:20181105:inception:4eb9f99, author = {Tom Lancaster}, title = {{Inception Attackers Target Europe with Year-old Office Vulnerability}}, date = {2018-11-05}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerability/}, language = {English}, urldate = {2019-12-20} } Inception Attackers Target Europe with Year-old Office Vulnerability PowerShower

2018-03-14 ⋅ Symantec ⋅ Security Response Attack Investigation Team, Network Protection Security Labs @online{team:20180314:inception:ee787d2, author = {Security Response Attack Investigation Team and Network Protection Security Labs}, title = {{Inception Framework: Alive and Well, and Hiding Behind Proxies}}, date = {2018-03-14}, organization = {Symantec}, url = {https://www.symantec.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies}, language = {English}, urldate = {2020-01-09} } Inception Framework: Alive and Well, and Hiding Behind Proxies Inception Framework

2017-10-16 ⋅ Akamai ⋅ Akamei @techreport{akamei:20171016:upnproxy:044596d, author = {Akamei}, title = {{UPnProxy: Blackhat Proxies via NAT Injections}}, date = {2017-10-16}, institution = {Akamai}, url = {https://www.akamai.com/uk/en/multimedia/documents/white-paper/upnproxy-blackhat-proxies-via-nat-injections-white-paper.pdf}, language = {English}, urldate = {2019-12-10} } UPnProxy: Blackhat Proxies via NAT Injections Inception Framework

2015-01-20 ⋅ Blue Coat ⋅ Basavaraj K. Biradar @techreport{biradar:20150120:reversing:8a25caf, author = {Basavaraj K. Biradar}, title = {{Reversing the Inception APT malware}}, date = {2015-01-20}, institution = {Blue Coat}, url = {https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2015/Inception_APT_Analysis_Bluecoat.pdf}, language = {English}, urldate = {2020-04-21} } Reversing the Inception APT malware Inception Framework

2015-01-14 ⋅ LogRhythm ⋅ Tony Massé @online{mass:20150114:catching:33c67af, author = {Tony Massé}, title = {{Catching the “Inception Framework” Phishing Attack}}, date = {2015-01-14}, organization = {LogRhythm}, url = {https://logrhythm.com/blog/catching-the-inception-framework-phishing-attack/}, language = {English}, urldate = {2020-04-21} } Catching the “Inception Framework” Phishing Attack Inception Framework

2014-12-10 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20141210:cloud:ccb4794, author = {GReAT}, title = {{Cloud Atlas: RedOctober APT is back in style}}, date = {2014-12-10}, organization = {Kaspersky Labs}, url = {https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/}, language = {English}, urldate = {2019-12-20} } Cloud Atlas: RedOctober APT is back in style Inception Framework

2014-12-09 ⋅ Blue Coat ⋅ Snorre Fagerland, Waylon Grange @online{fagerland:20141209:blue:0d254a1, author = {Snorre Fagerland and Waylon Grange}, title = {{Blue Coat Exposes “The Inception Framework”; Very Sophisticated, Layered Malware Attack Targeted at Military, Diplomats, and Business Execs}}, date = {2014-12-09}, organization = {Blue Coat}, url = {https://web.archive.org/web/20160710180729/https://www.bluecoat.com/security-blog/2014-12-09/blue-coat-exposes-%E2%80%9C-inception-framework%E2%80%9D-very-sophisticated-layered-malware}, language = {English}, urldate = {2020-04-21} } Blue Coat Exposes “The Inception Framework”; Very Sophisticated, Layered Malware Attack Targeted at Military, Diplomats, and Business Execs CloudAtlas Inception Framework

2014-12-09 ⋅ Blue Coat ⋅ Snorre Fagerland, Waylon Grange @techreport{fagerland:20141209:inception:1966734, author = {Snorre Fagerland and Waylon Grange}, title = {{The Inception Framework: Cloud-hosted APT}}, date = {2014-12-09}, institution = {Blue Coat}, url = {https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2014/bcs_wp_InceptionReport_EN_v12914.pdf}, language = {English}, urldate = {2020-04-21} } The Inception Framework: Cloud-hosted APT Inception Framework

2014-12-09 ⋅ Symantec ⋅ Waylon Grange @online{grange:20141209:blue:63864e2, author = {Waylon Grange}, title = {{Blue Coat Exposes “The Inception Framework”; Very Sophisticated, Layered Malware Attack Targeted at Military, Diplomats, and Bus}}, date = {2014-12-09}, organization = {Symantec}, url = {https://www.symantec.com/connect/blogs/blue-coat-exposes-inception-framework-very-sophisticated-layered-malware-attack-targeted-milit}, language = {English}, urldate = {2019-12-20} } Blue Coat Exposes “The Inception Framework”; Very Sophisticated, Layered Malware Attack Targeted at Military, Diplomats, and Bus Inception Framework

2013-01-14 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20130114:red:ac55753, author = {GReAT}, title = {{"Red October" Diplomatic Cyber Attacks Investigation}}, date = {2013-01-14}, organization = {Kaspersky Labs}, url = {https://securelist.com/red-october-diplomatic-cyber-attacks-investigation/36740/}, language = {English}, urldate = {2020-04-06} } "Red October" Diplomatic Cyber Attacks Investigation Inception Framework

---

Credits: MISP Project