Achilles

Description

This actor may be related to Iridium.

(AdvIntel) “Achilles” is an English-speaking threat actor primarily operating on various English-language underground hacking forums as well as through secure messengers. Achilles specializes in obtaining accesses to high-value corporate internal networks.

On May 4, 2019, Achilles claimed to have access to UNICEF network as well as networks of several high-profile corporate entities. They were able to provide evidence of their presence within the UNICEF network and two private sector companies. It is noteworthy that they provided access to networks at a relatively low price range of $5,000USDto$2,000 USD.

The majority of Achilles offers are related to breaches into multinational corporate networks via external VPN and compromised RDPs. Targets include private companies and government organizations, primarily in the British Commonwealth. Achilles has been particularly active on forums through the last seven months, with rising spikes in activities in Fall 2018 and Spring 2019.

Names

Name	Name-Giver
Achilles	AdvIntel

Country

• Unknown

Motivation

• Financial crime

First Seen

2018

Observed Sectors

• Defense
• Government
• private sectors

Observed Countries

• Australia
• UK
• USA

Tools

• RDP

Operations

• 2018-10: Breach of Navy shipbuilder Austal https://www.abc.net.au/news/2018-11-13/iranian-hackers-suspected-in-austal-cyber-breach/10489310

Information

• https://www.advanced-intel.com/blog/achilles-hacker-behind-attacks-on-military-shipbuilders-unicef-international-corporations
• https://www.bleepingcomputer.com/news/security/another-hacker-selling-access-to-charity-antivirus-firm-networks/

Other Information

Uuid

8881870a-4b54-4525-b455-45bb7c045fb5

Last Card Change

2020-04-15