
Cybersecurity researchers have uncovered the identity of one of the individuals believed to be associated with the e-crime actor known as XE Group.
According to Menlo Security, which aggregated information from various online sources, “Nguyen Phu Thai, also known as Jo Nguyen or Thanh Nguyen, is most likely involved in XE Group.”
XE Group (aka XeThanh), previously documented by Malwarebytes and Volexity, has a history of cybercriminal activity since at least 2013 and is suspected of originating from Vietnam.
Entities targeted by the threat actor span government agencies, construction organizations, and the healthcare sector.
It is known to compromise Internet-facing servers using known exploits and to monetize its intrusions by stealing passwords for online services and installing credit card skimming code.
“Back in 2014, this attacker was observed creating an AutoIT script that auto-generated a basic credit card validation tool for emails and stolen credit cards,” the cybersecurity firm said.

Earlier this March, U.S. cybersecurity and intelligence officials disclosed XE Group's attempts to exploit a three-year-old critical security flaw (CVE-2019-18935, CVSS score: 9.8) in Progress Telerik devices to gain a foothold.
The attackers have also attempted to access corporate networks in the past through phishing emails sent using fraudulent domains that mimic legitimate companies such as PayPal and eBay.
In addition to disguising .EXE files as .PNG files to avoid detection, some attacks use a web shell called ASPXSpy to control vulnerable systems.
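
A defender-side check for the extension masquerading mentioned above, as an added example that is not from the article or from Menlo Security: it flags files that carry an image extension but whose bytes parse as a Windows PE header. The function names, extension list and sample files are constructed for illustration.

```python
import struct
from pathlib import Path

IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}  # assumed watch list
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def looks_like_pe(data: bytes) -> bool:
    """True if data starts with a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, which simply fails the match.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def find_disguised_executables(root):
    """Return sorted paths under root with an image extension but PE content."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in IMAGE_EXTS:
            continue
        with path.open("rb") as fh:
            head = fh.read(4096)  # the PE signature normally sits in the first few KB
        if looks_like_pe(head):
            hits.append(str(path))
    return sorted(hits)

def make_constructed_pe_stub() -> bytes:
    """Constructed sample: bare MZ header plus PE signature, not a runnable binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        # Constructed files: one genuine PNG header, one PE stub named .png
        Path(d, "logo.png").write_bytes(PNG_MAGIC + b"\x00" * 32)
        Path(d, "invoice.png").write_bytes(make_constructed_pe_stub())
        for hit in find_disguised_executables(d):
            print("executable content behind image extension:", hit)
```

Run against upload directories or mail attachment stores; a hit means the content type and the file name disagree, which is worth triage regardless of the sender.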
“The XE Group continues to pose a threat to various sectors, including government agencies, construction groups and healthcare providers,” the researchers said.