Home / Companies / Crowdstrike / Blog / Post Details
Content Deep Dive

Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign

Blog post from Crowdstrike

Post Details
Company
Date Published
Author
CrowdStrike
Word Count
7,507
Company Posts That Month
Language
English
Hacker News Points
-
Post removed?
No
Summary

The StellarParticle campaign, linked to the COZY BEAR adversary group, showcases the group's sophisticated use of novel tactics and techniques to infiltrate multiple organizations' systems, leveraging access for espionage and financial gain. CrowdStrike's investigation revealed the group's methods, including credential hopping, browser cookie theft to bypass multifactor authentication, and the use of malware families like TrailBlazer and a Linux variant of GoldMax to maintain persistence. The campaign also exploited Microsoft O365 environments through service principal manipulations and application impersonation, targeting sensitive information repositories and using advanced knowledge of victims' infrastructures. These actions highlight the threat actors' capacity to remain undetected for extended periods, showcasing a high level of operational security and a comprehensive understanding of both Windows and Linux systems, as well as cloud environments.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
AI Agents 2 2,394 1,321 1 -
Secrets Management 2 437 72 18 +103%
Zero Trust 1 1,843 1,331 3 +61333%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.