Fail: APT group only rudimentarily deletes telltale data
Members of the APT37 group have only rudimentarily deleted their collected attack data. Experts restored the data and analyzed it in detail. They found activity timelines, malicious code, and plenty of useful clues to internal workings. Even cybercriminals store data on GitHub and forget to completely delete their data. The Zscaler ThreatLabz team got a closer look at the tools, techniques, and processes (TTPs) of APT37 (aka ScarCruft or Temp.Reaper), a North Korean-based Advanced Persistent Threats threat actor. Data from APT37 shows the procedure In their research,…