The adversaries have shifted to a hybrid approach that mixes open-source tooling with bespoke tools, where they previously relied on bespoke tools alone. Sophos has observed this hybrid tradecraft in practice and identified several characteristics that distinguish it. The change is a mark of the group's adaptability and persistence, and it has a practical consequence for defenders: indicators tied to custom tooling alone will miss the open-source components, so detection needs to cover both.
The cluster's tactics, techniques, and procedures (TTPs) resemble those of Unfading Sea Haze, which suggests a possible link between the two groups. Both plan and execute operations carefully, use capable tooling, and are able to remain undetected for extended periods. Cluster Bravo's initial attack, in March 2023, was aimed at a single organization, showing a focus on high-value targets rather than opportunistic spread; it involved the deployment of custom-built malware designed to steal sensitive data.