A threat actor who goes by the online name ‘Achilles’ has claimed to have access to internal computer networks belonging to major organizations. Security firm AdvIntel, which outlined the activities of Achilles, said that the attacker had access to the networks of UNICEF and many other high-profile corporations. The firm also suggested that the actor targeted private sector entities as well as public domains, government-affiliated companies, and international organizations.
Achilles is reported to be English-speaking and was active on online underground hacking forums.
The big picture
Regarding the methods used by Achilles, AdvIntel believed that the actor relied extensively on RDP and VPN.
“Usually Achilles utilizes living-off-the-land (LotL) tactics: the actor prefers to avoid using external malware kits. Instead, they either compromise a Remote Desktop Protocol (RDP) or leverage stolen credentials to establish stable and secure external Virtual Private Network (VPN) access into the victim's network,” explained AdvIntel.