Threat Actor Profiles — Threat Actor Profiles Analysis

# Threat Actor Profiles Analysis: Emerging Cyber Threat Groups in the Dark Web Ecosystem ## Introduction The underground cyber threat landscape continues to evolve, with new threat actor groups emerging with increasing sophistication. Oracle-42 Sovereign Intelligence has identified three distinct cybercriminal collectives—**Horus Reservs**, **Hazardous Cyber Team**, and **an unidentified group operating via a Telegram channel**—that demonstrate advanced capabilities in cyber espionage, financial fraud, and disruptive operations. This report provides a detailed analysis of their tactics, techniques, and procedures (TTPs), supported by technical indicators and observed behaviors. --- ## **1. Horus Reservs: A Rising APT-Style Threat Actor** ### **Overview** Horus Reservs is a previously undocumented cyber threat group that has recently gained attention due to its sophisticated **spear-phishing campaigns** and **supply chain attacks**. The group appears to prioritize **high-value targets**, including government entities, financial institutions, and critical infrastructure. ### **Key Observations** - **Initial Access Vector**: Horus Reservs leverages **malicious macro-enabled Office documents** (e.g., `.docm`, `.xlsm`) delivered via spear-phishing emails. These documents exploit **CVE-2017-11882** (Microsoft Equation Editor RCE) and **CVE-2018-0802** (Outlook RCE) to deploy payloads. - **Malware Arsenal**: - **HorusLoader**: A custom backdoor written in **C++**, featuring **anti-debugging** and **anti-sandbox** techniques. It communicates via **HTTP/HTTPS** with command-and-control (C2) servers. - **PowerSploit**: Used