top of page

"Asylum Ambuscade: Cybercrime and Cyber Espionage Group Targeting Banks and Governments Since 2020"

Since early 2020, the threat actor known as Asylum Ambuscade has been operating as a combination cybercrime and cyber espionage group. In March 2022, the Slovak cybersecurity firm Proofpoint documented a phishing campaign targeting European governmental entities, presumably in an effort to gather intelligence on refugee and supply movement within the region. The campaign begins with a spear-phishing email containing a malicious Excel spreadsheet attachment that, upon opening, downloads an MSI package from a remote server. This package deploys a downloader written in Lua called SunSeed, which in turn retrieves the AHK Bot malware, written in AutoHotkey. What is particularly concerning about this group is the scope of their cybercrime activities. Since January 2022, Asylum Ambuscade has targeted over 4,500 victims across the globe, including individuals in North America, Asia, Africa, Europe, and South America. The criminals have targeted bank customers and cryptocurrency traders alike in a bid to steal confidential information and web email credentials from official government email portals. Asylum Ambuscade is an example of how sophisticated cybercriminals are becoming and the prevalence of nation-state-sponsored cybercrime and espionage. The group has demonstrated the ability to successfully target a wide range of victims, including governmental entities, individuals, and companies, in a variety of countries and regions. As a result, it is essential that organizations remain vigilant in their security practices in order to reduce the risk of falling prey to an attack from this or any other group. Organizations should take steps to protect themselves from Asylum Ambuscade and other cybercriminals by using two-factor authentication for all accounts, limiting access to sensitive data, monitoring access to networks and systems, and regularly updating software and security systems. Additionally, organizations should regularly conduct security training and testing to ensure that employees are aware of the latest threats and how to respond in the event of an attack. By taking these steps, organizations can dramatically reduce their risk of falling victim to an attack from Asylum Ambuscade or any other cybercriminal group.


bottom of page