Leviathan

Threat Actor updated a month ago (2024-11-29T14:44:39.936Z)
Leviathan, also known as APT40, TEMP.Periscope, TEMP.Jumper, Bronze Mohawk, Gingham Typhoon, ISLANDDREAMS, Kryptonite Panda, Red Ladon, and TA423, is a threat actor linked to numerous cyber espionage activities around the globe. Between 2011 and 2018, the group targeted government organizations, private businesses, and universities worldwide, leading to an indictment by the U.S. Justice Department in July 2021. The group's capabilities were highlighted in a joint advisory issued by cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S., warning about the group's rapid exploitation of disclosed flaws.

Separately, researchers at Leviathan Security Group (a security research firm, not the threat actor) have discovered a potential vulnerability within the Dynamic Host Configuration Protocol (DHCP) standard that can be exploited for malicious purposes. The technique, dubbed TunnelVision, involves running a rogue DHCP server on the same network as a targeted VPN user and configuring it to act as a gateway. When traffic hits this gateway, it is forwarded to a legitimate gateway while being monitored by the rogue server. This method takes advantage of an obscure feature in the DHCP standard and could force users on a local network to connect to a rogue DHCP server.

Leviathan Security Group's researchers, Lizzie Moratti and Dani Cronce, have warned that many VPN providers may not be able to deliver on their security promises due to this vulnerability. They suggest mitigating the risk by running VPNs from inside a virtual machine (VM). The technique has technically been possible since the inclusion of Option 121 in the DHCP standard in 2002, which underscores the evolving nature of cybersecurity threats and the need for continuous vigilance and proactive measures to protect digital assets.
Description last updated: 2024-08-14T09:06:07.478Z
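A defender-side check for the mechanism described above, added here as an example and not taken from Leviathan Security Group or from this dataset: it decodes DHCP Option 121 (classless static routes, RFC 3442) from the options field of a captured lease and reports routes whose router is not an allow-listed gateway. The function names, the allow-list policy and the sample bytes are assumptions constructed for illustration.

```python
import ipaddress

OPT_PAD, OPT_END, OPT_CLASSLESS_ROUTES = 0, 255, 121

def iter_options(options: bytes):
    """Yield (code, value) pairs from a DHCP options field (bytes after the magic cookie)."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == OPT_END:
            return
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        yield code, value
        i += 2 + length

def parse_option_121(value: bytes):
    """Decode RFC 3442 entries: prefix length, significant destination octets, router."""
    routes, i = [], 0
    while i < len(value):
        plen = value[i]
        n = (plen + 7) // 8  # only the significant octets of the destination are sent
        entry = value[i + 1 : i + 1 + n + 4]
        if plen > 32 or len(entry) != n + 4:
            raise ValueError("malformed Option 121 entry")
        dest = ipaddress.IPv4Network((entry[:n] + bytes(4 - n), plen), strict=False)
        routes.append((dest, ipaddress.IPv4Address(entry[n:])))
        i += 1 + n + 4
    return routes

def untrusted_routes(options: bytes, trusted_gateways):
    """Return (destination, router) for Option 121 routes whose router is not allow-listed."""
    trusted = {ipaddress.IPv4Address(g) for g in trusted_gateways}
    # An option may be split across several instances; join them before decoding.
    blob = b"".join(v for c, v in iter_options(options) if c == OPT_CLASSLESS_ROUTES)
    return [(str(d), str(r)) for d, r in parse_option_121(blob) if r not in trusted]

# Constructed sample: ACK, router 192.0.2.1, two Option 121 routes, end marker.
SAMPLE = bytes.fromhex("350105" "0304c0000201" "790f"
                       "100a14c0000201" "18c63364c0000242" "ff")

if __name__ == "__main__":
    for dest, router in untrusted_routes(SAMPLE, ["192.0.2.1"]):
        print(f"ALERT: lease installs {dest} via non-allow-listed router {router}")
```

The allow-list is the piece to adapt: on a managed network it would hold the gateways the legitimate DHCP servers are configured to hand out.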
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
VPN