Operation Manul
Description
(Electronic Frontier Foundation) This report covers a campaign of phishing and malware which we have named “Operation Manul” and which, based on the available evidence, we believe is likely to have been carried out on behalf of the government of Kazakhstan against journalists, dissidents living in Europe, their family members, known associates, and their lawyers. Many of the targets are involved in litigation with the government of Kazakhstan in European and American courts whose substance ranges from attempts by the government of Kazakhstan to unmask the administrators behind an anonymous website that publishes leaks alleging government corruption (Kazaword) to allegations of kidnapping. Our research suggests links between this campaign and other campaigns that have been attributed to an Indian security company called Appin Security Group. A hired actor is consistent with our findings on the Command and Control servers related to this campaign, which included web-based control panels for multiple RATs, suggesting that several campaigns were being run at once. A hired actor may also explain the generic and uninspired nature of the phishing, which often took the form of an email purporting to contain an invoice or a legal document with an attachment containing a blurry image. An investigation by the Swiss federal police of some of the emails linked to Operation Manul concludes that they were sent from IP addresses in India, which also suggests a link to Appin.
Names
| Name | Name-Giver |
|---|---|
| Operation Manul | Electronic Frontier Foundation |
Country
Motivation
- Information theft and espionage
First Seen
2015
Observed Sectors
Observed Countries
Tools
Information
Other Information
Uuid
2eb09560-6cce-4c19-ab9d-7cb929bd110c
Last Card Change
2021-08-09