White Paper
2021 Analysis Report on Lorec53 Group
The 2021 NSFOCUS report on the Lorec53 Group identifies it as an emerging APT organization targeting Eastern Europe, particularly Ukraine and Georgia. Acting as a cyber mercenary, Lorec53 used phishing, watering-hole, and Trojan-based attacks to steal data from government and defense institutions. Its campaigns, including “ISTC Agreement,” “COVID-21,” and “Veterans Grant,” deployed malware such as Smokeloader and LorecDocStealer. Operating mainly from Russian-linked infrastructure, the group leveraged temporary domains (.site, .xyz, .space) and Russian-developed Trojans. It also supported Android-based phishing in Iran using the Pardakht Trojan for financial theft.