ELUSIVE COMET

Also known as: ELUSIVE COMET

ELUSIVE COMET is a threat actor responsible for significant cryptocurrency theft through sophisticated social engineering attacks, particularly leveraging Zoom’s remote control feature. Their attack methodology involves manipulating legitimate workflows and exploiting human-centric vulnerabilities rather than technical flaws. The actor employs tactics such as social proof, time pressure, and interface manipulation to deceive targets. Organizations can mitigate risks by implementing technical controls to disable the remote control feature and deploying email boundary protections like DMARC, SPF, and DKIM.

🌍 Country North Korea

Introduction

ELUSIVE COMET is a threat actor responsible for significant cryptocurrency theft through sophisticated social engineering attacks, particularly leveraging Zoom’s remote control feature. Their attack methodology involves manipulating legitimate workflows and exploiting human-centric vulnerabilities rather than technical flaws. The actor employs tactics such as social proof, time pressure, and interface manipulation to deceive targets. Organizations can mitigate risks by implementing technical controls to disable the remote control feature and deploying email boundary protections like DMARC, SPF, and DKIM.

Activities and Tactics

Country of Origin: 🇰🇵 North Korea

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • RemoteCMD
  • Remote Utilities
  • RemotePC
  • Xploit

Attribution and Evidence

Country of Origin: North Korea Additional attribution information pending cataloguing.

References

References pending cataloguing.