Inception Framework

Threat Actor Profile Updated 25 days ago
Download STIX
Preview STIX
The Inception Framework, a threat actor group known for its advanced and highly automated approach to targeted attacks, has been active since at least May 2014. Their activities were first exposed by Blue Coat (now part of Symantec) in December 2014. From the onset, the group distinguished itself with its sophisticated use of layered malware attacks. Over the years, Symantec has consistently provided protection against all tools employed by the Inception Framework since their emergence. Between 2015 and 2017, the Inception Framework evolved significantly, adding additional layers of obfuscation to avoid detection. They have steadily changed their tools and techniques, demonstrating a high level of adaptability. Furthermore, they capitalized on the Shadow Brokers' release of Inception Framework tools, developing their own exploit payloads using the leaked Fuzzbunch framework. This shows the group's ability to leverage existing resources to enhance their operations. Since 2014, Symantec has found evidence of continuous attacks from the Inception Framework targeting organizations across several continents. The group has also cleverly utilized the cloud and the Internet of Things (IoT) to make their activities harder to detect. This evolution in strategy and the broadening of their attack surface underscore the persistent and evolving threat posed by the Inception Framework.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Inception Framework Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
Inception Framework: Alive and Well, and Hiding Behind Proxies
MITRE
a year ago
Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions
MITRE
a year ago
Cloud Atlas: RedOctober APT is back in style