The Inception Framework, a threat actor group known for its advanced and highly automated approach to targeted attacks, has been active since at least May 2014. Its activities were first exposed by Blue Coat (now part of Symantec) in December 2014. From the outset, the group distinguished itself with its sophisticated use of layered malware attacks. Symantec has consistently provided protection against all tools employed by the Inception Framework since the group's emergence.
Between 2015 and 2017, the Inception Framework evolved significantly, adding further layers of obfuscation to avoid detection. The group has steadily changed its tools and techniques, demonstrating a high level of adaptability. Furthermore, it capitalized on the Shadow Brokers' release of Inception Framework tools, developing its own exploit payloads using the leaked Fuzzbunch framework. This shows the group's ability to leverage existing resources to enhance its operations.
Since 2014, Symantec has found evidence of continuous attacks from the Inception Framework targeting organizations across several continents. The group has also cleverly utilized the cloud and the Internet of Things (IoT) to make their activities harder to detect. This evolution in strategy and the broadening of their attack surface underscore the persistent and evolving threat posed by the Inception Framework.
Description last updated: 2024-05-05T11:39:03.280Z