Cybereason researchers have reported the continuous activity of the GootLoader malware in various campaigns. GootLoader, an evolution of the GootKit malware family active since 2014 and tied to threat actors UNC2565, employs access-as-a-service model tactics to infiltrate systems. The attack begins with Search Engine Optimization (SEO) manipulation, leading victims to compromised websites that present malicious ZIP archives. These archives contain a .js file which establishes persistence and introduces a Cobalt Strike binary. The infection process involves multi-stage payloads, resulting in Discovery/Reconnaissance activities and communication with Command and Control (C2) servers. GootLoader's effectiveness can lead to significant data breaches, financial loss, and the potential introduction of other destructive malware, emphasizing the severity of such cyber threats.
Source: https://securityaffairs.com/165368/malware/gootloader-malware-is-still-active.html
"id": "cyb1009070724",
"linkid": "cybereason",
"type": "Ransomware",
"date": "7/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"