Palo Alto Networks’ Unit 42 Identifies Pakistani Hacker Group Dubbed Gorgon Group

A Gorgon Medusa mask dating from 200AD, in the Romano-Germanic Museum in Cologne, Germany. Photograph courtesy of Christoph Wagener, via Wikipedia.

Unit 42, the cyber security research arm of U.S.-based cyber security company Palo Alto Networks, has identified a Pakistani hacking group they call the Gorgon Group that is engaged in both criminal and nation-state cyber activities.

Unit 42 researchers had been tracking a hacker called Subaat since 2017, and observed the individual engaged in attacking targets with other hackers that Unit 42 collectively calls the Gorgon Group.

The Gorgon Group conducts attacks against targets around the world, mostly for criminal purposes, but has been observed to quickly turn its resources to targeted attacks against governmental organisations in Russia, Spain, the United Kingdom, and the United States. The Gorgon Group relies mostly on social engineering techniques, such as phishing emails carrying attachments with titles like “Pakistan eying Sukhoi-35 figther planes as part of defense deal from Rusia” (note the misspellings of “fighter” and “Russia”). Once a victim opens the attachment, their computer and network are infected with malware.

Unit 42 notes that the Gorgon Group uses the same tools, infrastructure, and command-and-control methods for both its criminal activities and its targeted attacks, which could be carried out at the behest of a state sponsor. While Unit 42 suspects that members of the Gorgon Group are Pakistani (indeed, many of the Gorgon Group members self-identify as Pakistani), the researchers refrain from naming who the alleged state sponsor might be.

The operational security and sophistication of the Gorgon Group is not all that impressive, according to researchers, but their effectiveness is noteworthy. This suggests that the victims of the Gorgon Group may have been attacked due to poor cyber security capabilities and practices on their part.

“Gorgon Group isn’t the first actor group we’ve witnessed dabble in both nation state level and criminal attacks. What makes Gorgon Group unique is that, despite the group’s operational security failures, they still remained particularly effective. Looking closer at the actors participating in Gorgon Group gave us a unique perspective into the inner workings of an attack… Leveraging the same infrastructure for targeted attacks and criminal enterprises made for an interesting cross-section of mixed intentions. Ultimately, this led us to the conclusion that several of Gorgon Group’s members have a nexus in Pakistan,” Unit 42 researchers said.
