
FontPack: A dangerous update

4 June 2021

Attribution is our main focus here at Group-IB Threat Intelligence & Attribution, and it becomes harder every year. The number of unique malicious programs is decreasing while affiliate programs (collaborations between threat actors) are on the rise, with the number and quality of attacks both going up.

First and foremost, we need to find out who is behind the landing page, down to the specific hacking group or particular threat actor. All we know so far is that the page is hosted on compromised websites by means of injected JS scripts. The scripts imitate a website crashing and display a message saying that users must update their software, e.g., the browser, Adobe Flash Player, or fonts. The code name used by our team, FontPack, is based on the decoy methods employed in the campaign we will analyze in this report.