The TunnelSnake campaign demonstrates the activity of a sophisticated actor that invests significant resources in designing an evasive toolset and infiltrating the networks of high-profile organizations. By leveraging Windows drivers, covert communication channels and proprietary malware, the group behind it maintains a considerable level of stealth. That said, some of its TTPs, such as the use of a commodity webshell and open-source legacy code for loading unsigned drivers, may get detected, and in fact were flagged by Kaspersky's product, giving Kaspersky visibility into the group's operation.
There are currently no families associated with this actor.
2021-05-06 ⋅ Kaspersky ⋅ Operation TunnelSnake (tags: Moriya, TunnelSnake)