Pawn Storm is a group that has shown ample resources and a wide range of strategies in its operations. The group has targeted many organisations, harvested considerable information, and attempted to influence mainstream media and public opinion.
Due to Pawn Storm’s notoriety, its attack methods have been well documented. The threat actors behind Pawn Storm have used sophisticated social engineering lures, data-stealing malware, several zero-days, and even a private exploit kit.
This report aims to shed light on some of Pawn Storm’s attacks that did not use malware in the initial stages. It presents new data on the group’s credential phishing, direct probing of webmail and Microsoft Exchange Autodiscover servers, and large-scale scanning activities to search for vulnerable servers. Among the group’s prominent targets were members of defense companies, embassies, governments, and the military.