Security experts analyze three complex nation-state operations
Menlo Security has published a report outlining three nation-state campaigns. These campaigns utilized advanced tactics to target financial institutions (such as banking and insurance organizations), government agencies, legal firms, and healthcare entities. The campaigns discussed in the report are LegalQloud, Eqooqp, and Boomer.
Patrick Tiquet, Vice President, Security & Architecture at Keeper Security, states, “Nation-state cyber actors are consistently improving their techniques to make their attacks more advanced and adaptable. For example, the recently uncovered HEAT campaigns—LegalQloud, Eqooqp, and Boomer—utilize sophisticated evasion methods capable of bypassing Multi-Factor Authentication (MFA) and employing Adversary in the Middle (AiTM) kits. These campaigns have already compromised over 40,000 high-value users across critical sectors like banking, finance, insurance, legal services, government, and healthcare. The involvement of well-resourced nation-state actors underscores the severity of these threats.”
The report highlights the evolving nature of these campaigns, which circumvent traditional security measures.
“In essence, you must acknowledge that some attacks will reach your users and therefore you need to prepare them for that inevitable moment,” explains Mr. Mika Aalto, Co-Founder and CEO at Hoxhunt. “Security awareness and phishing training must keep up with the latest threats so individuals can recognize AiTM and dynamic phishing, and know how to identify these attacks and stay protected. These evasive techniques differ significantly from traditional static phishing attacks as they intercept legitimate user traffic and distribute malware and malicious content that adjusts in real time to the user’s situation, making it difficult to identify. Despite this evolved tactic, users can remain secure if they realize they should never lower their guard.”
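The quotes above describe AiTM kits that relay a victim's credentials and MFA response through a proxy and then reuse the resulting session. One observable side effect, from the identity provider's point of view, is that an MFA-satisfied sign-in is followed shortly by session activity from a different source address and client. The following Python example is an added illustration, not code from the Menlo Security report or from any of the quoted vendors: it runs a simple session-replay heuristic over a handful of constructed sign-in events (the event fields, user names and RFC 5737 test addresses are all made up for the example) and flags sessions whose token is used from a new IP within a short window after the MFA sign-in.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class SignInEvent:
    """Minimal sign-in / session record; the field set is an assumption, not a real IdP schema."""
    ts: datetime
    user: str
    session_id: str
    src_ip: str
    user_agent: str
    mfa_satisfied: bool
    event: str  # "interactive_signin" or "session_use"

# Constructed sample events (not taken from the report).
# alice: normal login, session used from the same client afterwards.
# bob:   credentials and MFA relayed through a proxy (198.51.100.7), then the
#        captured session token is replayed from 192.0.2.44 with a scripted client.
# carol: legitimate login, then session reuse hours later from a new network
#        (e.g. moving to mobile data), which falls outside the replay window.
EVENTS = [
    SignInEvent(datetime(2024, 6, 1, 9, 0), "alice", "s-alice-1", "203.0.113.10", "Chrome/125", True, "interactive_signin"),
    SignInEvent(datetime(2024, 6, 1, 9, 5), "alice", "s-alice-1", "203.0.113.10", "Chrome/125", True, "session_use"),
    SignInEvent(datetime(2024, 6, 1, 10, 0), "bob", "s-bob-1", "198.51.100.7", "Chrome/125", True, "interactive_signin"),
    SignInEvent(datetime(2024, 6, 1, 10, 3), "bob", "s-bob-1", "192.0.2.44", "python-requests/2.31", True, "session_use"),
    SignInEvent(datetime(2024, 6, 1, 11, 0), "carol", "s-carol-1", "203.0.113.20", "Safari/17", True, "interactive_signin"),
    SignInEvent(datetime(2024, 6, 1, 14, 0), "carol", "s-carol-1", "203.0.113.99", "Safari/17", True, "session_use"),
]

def detect_session_replay(events, window=timedelta(minutes=30)):
    """Flag sessions whose token is used from a different source IP within `window`
    of an MFA-satisfied interactive sign-in. Returns a list of alert dicts."""
    by_session = {}
    for ev in sorted(events, key=lambda e: e.ts):
        by_session.setdefault(ev.session_id, []).append(ev)

    alerts = []
    for session_id, evs in by_session.items():
        # Anchor on the first MFA-satisfied interactive sign-in for this session.
        origin = next((e for e in evs if e.event == "interactive_signin" and e.mfa_satisfied), None)
        if origin is None:
            continue
        for ev in evs:
            if ev.event != "session_use" or ev.src_ip == origin.src_ip:
                continue
            if ev.ts - origin.ts <= window:
                alerts.append({
                    "user": ev.user,
                    "session_id": session_id,
                    "signin_ip": origin.src_ip,
                    "replay_ip": ev.src_ip,
                    "signin_ua": origin.user_agent,
                    "replay_ua": ev.user_agent,
                    "seconds_after_mfa": int((ev.ts - origin.ts).total_seconds()),
                })
                break  # one alert per session is enough for triage
    return alerts

if __name__ == "__main__":
    for alert in detect_session_replay(EVENTS):
        print(f"possible AiTM session replay: user={alert['user']} session={alert['session_id']} "
              f"mfa_from={alert['signin_ip']} reused_from={alert['replay_ip']} "
              f"after={alert['seconds_after_mfa']}s ua={alert['replay_ua']!r}")
```

Only bob's session is flagged: alice's token stays on one client, and carol's IP change happens well outside the window, which is why the time bound matters. In production the IP comparison would typically be widened to ASN or geolocation and combined with a user-agent change, and the alert would feed session revocation rather than just a log line.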
Regarding the report’s implications, Callie Guenther, Senior Manager, Cyber Threat Research at Critical Start, remarks, “Menlo Security’s recent report validates and strengthens our prior findings on HEAT attacks. The thorough examination of campaigns like LegalQloud, Eqooqp, and Boomer underscores the sophisticated methods utilized by nation-state actors and the urgent necessity for adaptive and innovative cybersecurity measures. As attackers refine their strategies, organizations must fortify their defenses with proactive, real-time security solutions and continuous monitoring strategies to effectively combat these evolving threats.”