SloppyLemming

Threat Actor updated 3 months ago (2024-11-29T14:51:36.386Z)
"SloppyLemming" is an advanced persistent threat (APT) group that has been previously linked to India by cybersecurity firm Crowdstrike, who tracks it under the alias "Outrider Tiger". This threat actor has demonstrated a high degree of sophistication in its operations, utilizing custom-built tools and exploiting cloud services for malicious activities. Known for its targeted attacks, SloppyLemming's primary victims include Pakistani law enforcement agencies, with its activities also extending to the Bangladeshi and Sri Lankan militaries and governments, organizations within China's energy and academic sectors, and potential targets in or around Australia's capital, Canberra. The modus operandi of SloppyLemming involves initiating attacks through spear-phishing emails, typically disguised as maintenance alerts from IT departments. Once these deceptive emails are successful in luring their victims, the group employs a custom-built tool named "CloudPhish" to manage credential logging logic and data exfiltration. The use of this tool highlights the group's technical prowess and their ability to develop bespoke solutions to aid their illicit activities. In addition to using custom-built tools, SloppyLemming has also demonstrated its adaptability and resourcefulness by leveraging popular cloud services in their operations. This abuse of trusted platforms makes it more challenging for cybersecurity teams to detect and mitigate their activities. The group's persistent and sophisticated tactics underscore the need for enhanced cybersecurity measures across all sectors, particularly those within its known target range.
Description last updated: 2024-10-17T12:29:54.721Z
Aliases: We are not currently tracking any aliases.
Source Document References
Information about the SloppyLemming Threat Actor was read from the documents corpus below.

Source: DARKReading (created 5 months ago)