4/10/2023 0 Comments Keepass versions![]() "Given the nature of the targets and geographical location of the victims, it's evident the motivation is not a financial one." ![]() "The apparent RomCom connection to Cuba Ransomware and Industrial Spy groups is based on the network configuration link, which might also be used as a distraction," BlackBerry's Dmitry Bestuzhev said. ![]() Given the interconnected nature of the cybercriminal ecosystem, it's not immediately evident if the two sets of activities share any connections or if the malware is offered for sale as a service to other threat actors. ![]() The use of RomCom RAT has also been linked to threat actors associated with the Cuba ransomware and Industrial Spy, according to Palo Alto Networks Unit 42, which is tracking the the ransomware affiliate under the constellation-themed moniker Tropical Scorpius. Other impersonated versions involve the popular password manager KeePass and PDF Reader Pro, including in the Ukrainian language. That technique misleads the victim into believing that the recently downloaded and installed application is completely legitimate."ĭiscover the Hidden Dangers of Third-Party SaaS AppsĪre you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk. "If filled out, real SolarWinds sales personnel might contact the victim to follow up on the product trial. "While downloading a free trial from the spoofed SolarWinds site, a legitimate registration form appears," the researchers explained. The latest iteration of the campaign entails setting up decoy lookalike websites with a similar domain name, followed by uploading a malware-laced installer bundle of the malicious software, and then sending phishing emails to targeted victims. The unknown threat actor has also been observed leveraging trojanized variants of Advanced IP Scanner and pdfFiller as droppers to distribute the implant. The latest findings come a week after the Canadian cybersecurity company disclosed a spear-phishing campaign aimed at Ukrainian entities to deploy a remote access trojan called RomCom RAT.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |