The “WayBack” Campaign: a Large Scale Operation Hiding in Plain Sight
released on 2021-06-29 @ 11:22:35 AM
The attribution of this operation is far from certain, and the activity could possibly be related to the threat group named Gorgon/Subaat. Based on the modus operandi, however, this actor has without doubt been heavily active since at least 2019, and it is equally certain that it keeps targeting the European and Italian landscape. The Yoroi Malware ZLAB is therefore monitoring the evolution of its TTPs to ensure proactive defense for Yoroi customers. Recently we intercepted a new offensive operation that leverages new serverless techniques to bypass traditional security defenses and target many European and Italian organizations, named the “WayBack campaign”.