Threat Group Cards: A Threat Actor Encyclopedia

APT group: Operation Spalax

Names: Operation Spalax (ESET)
Country: [Unknown]
Motivation: Information theft and espionage
First seen: 2020
Description: (ESET) In 2020 ESET saw several attacks targeting Colombian entities exclusively. These attacks are still ongoing at the time of writing and are focused on both government institutions and private companies. For the latter, the most targeted sectors are energy and metallurgical. The attackers rely on the use of remote access trojans, most likely to spy on their victims. They have a large network infrastructure for command and control: ESET observed at least 24 different IP addresses in use in the second half of 2020. These are probably compromised devices that act as proxies for their C&C servers. This, combined with the use of dynamic DNS services, means that their infrastructure never stays still. We have seen at least 70 domain names active in this timeframe and they register new ones on a regular basis.
Observed: Sectors: Energy, Government. Countries: Colombia.
Tools used: AsyncRAT, njRAT, RemcosRAT.
Information: <https://www.welivesecurity.com/2021/01/12/operation-spalax-targeted-malware-attacks-colombia/>

Last change to this card: 19 January 2021

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency