Avalanche
Description
(US-CERT) Cyber criminals utilized Avalanche botnet infrastructure to host and distribute a variety of malware variants to victims, including the targeting of over 40 major financial institutions. Victims may have had their sensitive personal information stolen (e.g., user account credentials). Victims’ compromised systems may also have been used to conduct other malicious activity, such as launching denial-of-service (DoS) attacks or distributing malware variants to other victims’ computers.
In addition, Avalanche infrastructure was used to run money mule schemes where criminals recruited people to commit fraud involving transporting and laundering stolen money or merchandise.
Avalanche used fast-flux DNS, a technique to hide the criminal servers, behind a constantly changing network of compromised systems acting as proxies.
Avalanche has been observed to distribute GozNym (operated by Bamboo Spider, TA544|used-by}} and much of the malware from TA505, Graceful Spider, Gold Evergreen.
Names
| Name | Name-Giver |
|---|---|
| Avalanche | ? |
Country
Motivation
- Financial gain
First Seen
2006
Observed Countries
Tools
Operations
- 2010-05: Worst Phishing Pest May be Revving Up https://www.pcworld.com/article/196304/worst_phishing_pest_may_be_revving_up.html
Counter Operations
- 2016-12: ‘Avalanche’ network dismantled in international cyber operation https://www.europol.europa.eu/newsroom/news/%E2%80%98avalanche%E2%80%99-network-dismantled-in-international-cyber-operation
Information
- https://en.wikipedia.org/wiki/Avalanche_(phishing_group)
- https://www.us-cert.gov/ncas/alerts/TA16-336A
Other Information
Uuid
a38d7eda-65d6-4b6e-902f-9091bc4fb2e9
Last Card Change
2020-05-15