Lancefly, a new APT with a custom backdoor.

Symantec (a Broadcom company) reported yesterday that the advanced persistent threat (APT) Lancefly is using a custom backdoor to target government, aviation, education, and telecommunication sectors in South and Southeast Asia. Lancefly’s custom backdoor, “Merdoor,” seems to have been around since 2018 and provides keylogging, multiple command-and-control (C2) communication methods, and the ability to listen for commands on a local port. Merdoor is “injected into the legitimate processes perfhost.exe or svchost.exe.” “The backdoor is used very selectively, appearing on just a handful of networks and a small number of machines over the years, with its use appearing to be highly targeted. The attackers in this campaign also have access to an updated version of the ZXShell rootkit,” the researchers say.

Symantec assesses that Lancefly may have used phishing emails as an attack vector in a campaign in 2020. In its more recent activity, however, the initial infection vector was unclear. The researchers write, “We saw some indications of what the initial infection vector may have been in two victims, though this was not conclusive.” Lancefly’s reuse of tools associated with Chinese APTs suggests some connection with those groups, but Symantec regards the evidence as inconclusive for precise attribution: many of those tools have been widely shared.

Secureworks released a threat report this morning, “The Growing Threat from Infostealers,” which details the impact of infostealing malware on the cyber threat ecosystem. The volume of logs containing user data stolen by infostealers continues to grow. On the Russian Market underground forum, the total number of logs for sale increased by 150%, from two million in a day in June of last year to five million in February of this year. The forum’s longer-term growth was also notable: logs for sale grew 670% in two years (between June 2021 and May 2023). Raccoon, Vidar and Redline remain the most pervasive infostealing threats. Legal action against Genesis Market and RaidForums has slowed underground market activity, and Telegram has benefited from this change, as more logs are now being traded over the messaging platform. Researchers also report an increased need for tools to aid in parsing logs once the data is received.
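The Lancefly item above notes that Merdoor is injected into the legitimate processes perfhost.exe and svchost.exe. The script below is an added defender-side example, not code from Symantec or Secureworks, showing one way a hunt for that behaviour could be expressed: it reads Sysmon-style Event ID 8 (CreateRemoteThread) records and flags remote-thread creation into those two targets from any source image outside a small allow-list. The event schema, the allow-list of expected source images and directories, and the sample events are all assumptions constructed for this example; the report itself does not describe detection logic.

```python
"""Hunt for remote-thread injection into perfhost.exe / svchost.exe.

Added example (not from the report above). Assumes Sysmon-style Event ID 8
records, one JSON object per line. The allow-list below is an illustrative
starting point for a baseline, not a complete list of legitimate injectors.
"""
import json
from pathlib import PureWindowsPath

# Targets named in the report as the processes Merdoor is injected into.
WATCHED_TARGETS = {"perfhost.exe", "svchost.exe"}

# Assumption: a source image is treated as expected only when BOTH its
# directory and its file name are in these sets (tune to your own baseline).
ALLOWED_SOURCE_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
ALLOWED_SOURCE_IMAGES = {"csrss.exe", "lsass.exe", "services.exe",
                         "wininit.exe", "msmpeng.exe"}

# Constructed sample events (JSON per line). Backslashes are JSON-escaped,
# so the raw string keeps them intact for json.loads().
SAMPLE_EVENTS = r"""
{"EventID": 8, "SourceImage": "C:\\Windows\\System32\\csrss.exe", "TargetImage": "C:\\Windows\\System32\\svchost.exe", "SourceProcessId": 612, "TargetProcessId": 1044}
{"EventID": 8, "SourceImage": "C:\\Users\\Public\\update.exe", "TargetImage": "C:\\Windows\\SysWOW64\\perfhost.exe", "SourceProcessId": 5120, "TargetProcessId": 2208}
{"EventID": 1, "Image": "C:\\Windows\\System32\\svchost.exe", "ProcessId": 1044}
{"EventID": 8, "SourceImage": "C:\\ProgramData\\svc\\helper.exe", "TargetImage": "C:\\Windows\\System32\\svchost.exe", "SourceProcessId": 7788, "TargetProcessId": 1044}
this line is not JSON and must be skipped, not crash the hunt
"""


def parse_events(text):
    """Parse one JSON object per line, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # malformed telemetry is common; log it in production
    return events


def _image_name(path):
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(path).name.lower()


def _image_dir(path):
    """Lower-cased parent directory of a Windows image path."""
    return str(PureWindowsPath(path).parent).lower()


def is_suspicious_injection(event):
    """True for an Event ID 8 whose target is a watched process and whose
    source image is not on the expected-injector allow-list."""
    if event.get("EventID") != 8:
        return False
    if _image_name(event.get("TargetImage", "")) not in WATCHED_TARGETS:
        return False
    source = event.get("SourceImage", "")
    expected = (_image_dir(source) in ALLOWED_SOURCE_DIRS
                and _image_name(source) in ALLOWED_SOURCE_IMAGES)
    return not expected


def find_suspicious_injections(text):
    """Return the list of flagged events from a block of JSON-per-line logs."""
    return [e for e in parse_events(text) if is_suspicious_injection(e)]


if __name__ == "__main__":
    for hit in find_suspicious_injections(SAMPLE_EVENTS):
        print(f"ALERT: {hit['SourceImage']} (pid {hit['SourceProcessId']}) "
              f"created a remote thread in {hit['TargetImage']} "
              f"(pid {hit['TargetProcessId']})")
```

Run against the constructed sample, the csrss.exe-to-svchost.exe event is accepted as baseline noise, the Event ID 1 record is ignored, and the two injections from user-writable directories are flagged. In a real deployment the allow-list should be derived from your own fleet's baseline rather than the illustrative values above, and a hit is a triage lead, not a verdict.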