Russian Hackers Using Living-Off-the-Land Tactics to Target Government Networks
Category: Threat Intelligence / APT
Symantec analysts uncovered a new campaign linked to the Russian Sandworm APT using living-off-the-land techniques to infiltrate government and enterprise networks. Attackers rely on legitimate Windows utilities to evade detection, focusing on credential theft and persistence rather than destructive attacks.
CORTEX Protocol Intelligence Assessment
Business Impact: Persistent access by a nation-state APT increases espionage and sabotage risk for public-sector networks.
Technical Context: Attackers use PowerShell, rundll32.exe, and reg.exe to perform credential harvesting while avoiding detection.
Strategic Intelligence Guidance
- Harden PowerShell and Windows scripting restrictions.
- Implement behavioral analytics to detect LOLBin usage.
- Conduct credential vault audits (e.g., KeePass).
- Share IOCs with national CERT or trusted ISAC.
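An added detection example, not from the Symantec report or the CORTEX assessment: a small rule set applied to constructed Sysmon-style process-creation records (the field names Image, ParentImage and CommandLine are assumed, following Sysmon Event ID 1) that flags the three LOLBin patterns named above. The checks mirror widely published Sigma-style rules for registry hive export via reg.exe, comsvcs.dll MiniDump via rundll32.exe, and encoded or policy-bypassing PowerShell command lines.

```python
import re

# Rules as (name, expected image basename, regex over the command line).
# These are public, Sigma-style LOLBin checks; tune them to your own baseline.
RULES = [
    ("reg.exe registry hive export", "reg.exe",
     # save/export of the SAM, SECURITY or SYSTEM hive is the classic offline credential-theft step
     re.compile(r"\b(save|export)\b.*\bHKLM\\(SAM|SECURITY|SYSTEM)\b", re.I)),
    ("rundll32.exe comsvcs.dll MiniDump", "rundll32.exe",
     re.compile(r"comsvcs\.dll.*minidump", re.I)),
    ("PowerShell encoded or policy-bypass command line", "powershell.exe",
     # -e/-ec/-en/-enc/-EncodedCommand abbreviations, or -ep/-ExecutionPolicy Bypass
     re.compile(r"-(e|ec|en|enc|encodedcommand)\b|-(ep|executionpolicy)\s+bypass\b", re.I)),
]

# Constructed sample records (assumption: Sysmon Event ID 1 field names); not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\reg.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"reg save HKLM\SAM C:\Users\Public\sam.hiv"},
    {"Image": r"C:\Windows\System32\reg.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},  # benign
    {"Image": r"C:\Windows\System32\rundll32.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL"},  # benign
    {"Image": r"C:\Windows\System32\rundll32.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump 640 C:\Users\Public\out.dmp full"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"powershell.exe -nop -w hidden -enc QQBCAEMA"},  # placeholder base64 blob
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\backup.ps1"},  # benign
]


def detect(events):
    """Return (rule name, event) for every record whose image and command line match a rule."""
    findings = []
    for ev in events:
        image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()  # basename, case-insensitive
        cmd = ev.get("CommandLine", "")
        for name, binary, pattern in RULES:
            if image == binary and pattern.search(cmd):
                findings.append((name, ev))
    return findings


def summarize(events):
    """Rule names fired, in event order; convenient for a SIEM test or a unit test."""
    return [name for name, _ in detect(events)]


if __name__ == "__main__":
    for name, ev in detect(SAMPLE_EVENTS):
        print(f"[{name}] parent={ev['ParentImage']} cmd={ev['CommandLine']}")
```

The benign records show the rules do not fire on ordinary reg.exe queries, Control Panel rundll32 invocations, or script-file PowerShell runs; pair these matches with parent-process context before alerting.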
Intelligence Source: Russian Hackers Attacking Government Entity Using Stealthy Living-Off-the-Land Tactics | Oct 30, 2025