Group: Poseidon Group

ID: G0033
Aliases: Poseidon Group

Poseidon Group is a Portuguese-speaking threat group that has been active since at least 2005. The group has a history of using information exfiltrated from victims to blackmail victim companies into contracting the Poseidon Group as a security firm. [1]

Techniques Used

  • Masquerading - Poseidon Group tools attempt to spoof anti-virus processes as a means of self-defense. [1]
  • Process Discovery - After compromising a victim, Poseidon Group lists all running processes. [1]
  • Account Discovery - Poseidon Group searches for administrator accounts on both the local victim machine and the network. [1]
  • PowerShell - The Poseidon Group's Information Gathering Tool (IGT) includes PowerShell components. [1]
  • Credential Dumping - Poseidon Group conducts credential dumping on victims, with a focus on obtaining credentials belonging to domain and database servers. [1]