Bringing cybersecurity globally to critical and complex key activities
ATK92 (aka: Gorgon Group, or Aggah) is engaged both in cybercriminal attacks as well as targeted attacks against worldwide governmental organizations. The group is active since 2017 and is believed to be operating from Pakistan. The group's campaigns targeted government organizations in the United Kingdom, Spain, Russia, and the United States. The infection chain of their attacks usually starts by phishing emails containing trojanized documents, which will launch powershell commands and configure the C2.
REFERENCES