The Mad Liberator ransomware group used social engineering to exploit the remote-access application AnyDesk, gaining unauthorized access and exfiltrating data without the company's knowledge. They carried out a sophisticated attack involving a fake Windows update screen to hide their activities, successfully bypassing the victim's defenses by masking their actions behind a familiar system process. The incident did not involve encryption of data but focused on exfiltrating sensitive information through the misuse of AnyDesk's remote access capabilities. The attackers capitalized on the trust placed in IT departments' regular maintenance practices, which allowed them to carry out the attack unnoticed for almost four hours.
Source: https://securityaffairs.com/167231/malware/mad-liberator-ransomware-social-engineering.html
TPRM report: https://scoringcyber.rankiteo.com/company/anydesk-software-gmbh
{
"id": "any000082124",
"linkid": "anydesk-software-gmbh",
"type": "Ransomware",
"date": "8/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
}
{'attack_vector': ['Social Engineering', 'Remote Access Exploitation'],
 'data_breach': {'data_exfiltration': True, 'type_of_data_compromised': 'Sensitive Information'},
 'description': "The Mad Liberator ransomware group used social engineering to exploit the remote-access application AnyDesk, gaining unauthorized access and exfiltrating data without the company's knowledge. They carried out a sophisticated attack involving a fake Windows update screen to hide their activities, successfully bypassing the victim's defenses by masking their actions behind a familiar system process. The incident did not involve encryption of data but focused on exfiltrating sensitive information through the misuse of AnyDesk's remote access capabilities. The attackers capitalized on the trust placed in IT departments' regular maintenance practices, which allowed them to carry out the attack unnoticed for almost four hours.",
 'impact': {'data_compromised': 'Sensitive Information'},
 'initial_access_broker': {'entry_point': 'AnyDesk Remote Access Application'},
 'motivation': 'Data Exfiltration',
 'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Mad Liberator'},
 'threat_actor': 'Mad Liberator Ransomware Group',
 'title': 'Mad Liberator Ransomware Group Exploits AnyDesk for Data Exfiltration',
 'type': 'Data Exfiltration',
 'vulnerability_exploited': 'AnyDesk Remote Access Application'}