Full Report
2025-04-29 • CERT-FR • ps1.steelhook, py.masepie, win.mocky_lnk, win.oceanmap
Analysis Summary
# Threat Actor: APT28 Intrusion Set
## Attribution & Identity
The threat actor is identified as the **APT28 Intrusion Set**. The summary does not explicitly provide other known aliases or associated groups besides the collective designation APT28.
## Activity Summary
The summary describes activity focused on the **targeting and compromise of French entities** by the APT28 intrusion set. Neither campaign dates nor a historical timeline are given in the provided context snippet; only the focus of the described operations is stated.
## Tactics, Techniques & Procedures
The context provided lists several associated artifacts and malware families, which imply specific TTPs, though the function of each is not described:
- Use of malware/artifacts: `ps1.steelhook`, `py.masepie`, `win.mocky_lnk`, `win.oceanmap`.
- *Note: Specific MITRE ATT&CK IDs are not present in the context provided.*
## Targeting
- Sectors: **French Entities** (implied governmental, critical infrastructure, or specific organizations within France due to the source being CERT-FR).
- Geography: **France**.
- Victims: Not explicitly named in the context snippet.
## Tools & Infrastructure
- Malware families used: `ps1.steelhook`, `py.masepie`, `win.mocky_lnk`, `win.oceanmap`.
- Infrastructure: Not detailed in the context snippet.
## Implications
APT28 is known for state-sponsored targeting, suggesting the activity against French entities is likely focused on espionage, intelligence gathering, or disruption related to strategic national interests.
## Mitigations
No specific mitigation recommendations are detailed in the provided context snippet; defenses should nonetheless focus on detecting the listed malware families and blocking known APT28 TTPs.