Crimeware

Cyberespionage or Cybercrime: Who Is Asylum Ambuscade?

When discussing the goings-on of the cybercriminal world, our goal is to give you a larger sense of the threats out there. However, until this article we have yet to address a certain contradiction that exists among many cybercriminal networks. It is not unusual for talented cyberespionage teams to also perform cybercrime… and sometimes, vice versa.

As Tim Starks writes in The Washington Post, nation-linked hacking groups often supplement their cyberespionage by doing some cybercrime on the side. It very rarely happens that the opposite is true, which is what makes the cybercriminal gang, Asylum Ambuscade, an especially interesting example of how these organizations can operate. As Matthieu Faou noted, “it is quite unusual to catch a cybercrime group running dedicated cyberespionage operations, and as such we believe that researchers should keep close track of Asylum Ambuscade activities.” What is perhaps most interesting are the different tactics Asylum Ambuscade employs across their respective attacks.

Since 2020, Asylum Ambuscade has been compromising government officials across Central Asian countries and Armenia. It took until the Ukraine conflict, however, for their attacks to rise to the level of public notice. Targeting European officials attempting to aid Ukrainian refugees, Asylum Ambuscade stole confidential information and webmail credentials. For this reason, these spearphishing emails primarily hit officials in transportation and finance—as these departments have the most responsibility when it comes to population movement. However, despite the complexity of these attacks, they do not represent the full extent of Asylum Ambuscade’s cyber activities.

That is because, as we hinted, there is more to the group than cyberespionage. In the last two years, Asylum Ambuscade has claimed more than 4,500 non-governmental victims through malicious Google Ads that redirect users to sites hosting malicious JavaScript code. Many of these victims reside in North America. According to analysts, Asylum Ambuscade “maintains an almost perplexingly broad targeting scope” by targeting a mixture of bank customers, cryptocurrency traders, government entities and other organizations. That being said, there is no reason to believe that the method the gang employs to compromise targets has been sold to other hackers. So for now it seems that non-governmental users can steer clear of Asylum Ambuscade, provided they watch the ads they click on.