Cybereason

Cybereason researchers have reported continued GootLoader activity across multiple campaigns. GootLoader, an evolution of the GootKit malware family that has been active since 2014 and is attributed to the threat actor UNC2565, operates under an access-as-a-service model: it acts as an initial access broker, handing the footholds it gains to other operators. The chain begins with Search Engine Optimization (SEO) manipulation that steers victims to compromised websites serving a malicious ZIP archive. The archive contains a .js file that, once run, establishes persistence and retrieves a Cobalt Strike binary. Further stages deliver additional payloads, after which the intruders perform discovery and reconnaissance on the host and communicate with command-and-control (C2) servers. A successful GootLoader infection can result in significant data breaches, financial loss, and the delivery of further destructive malware, which is why the threat is rated so severely.
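The delivery chain above has two points a defender can check mechanically: the download itself (a ZIP whose payload is a .js file) and the moment the script runs. The following Python is an added example and is not code from Cybereason, Rankiteo or the GootLoader operators. It assumes, beyond what the page states, that a double-clicked .js is executed by the Windows Script Host (wscript.exe or cscript.exe), and it uses constructed process-creation events with made-up field names and paths as sample input.

```python
"""Triage helpers for a ZIP-wrapped .js lure and its execution (added example).

Assumptions not taken from the page: a double-clicked .js runs under the
Windows Script Host, and the sample event fields/paths below are constructed."""
import io
import re
import zipfile

SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")

# A script run from a user-writable download or temp directory, e.g. the
# extraction folder Explorer creates when a ZIP member is double-clicked.
USER_DIR_SCRIPT_RE = re.compile(
    r'\\(?:downloads|temp)\\[^"]*?\.(?:js|jse|vbs|vbe|wsf|hta)\b', re.IGNORECASE)


def build_sample_zip(members):
    """Build an in-memory ZIP from {member_name: bytes} (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def zip_script_findings(zip_bytes):
    """Return (member_name, reason) pairs for script members of a ZIP.

    A ZIP whose only member is a script is reported with a stronger reason,
    because that is the shape of the lure described in the text."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
    findings = []
    for name in names:
        if name.lower().endswith(SCRIPT_EXTS):
            reason = ("archive contains only a script" if len(names) == 1
                      else "script file inside archive")
            findings.append((name, reason))
    return findings


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


# Constructed process-creation events (simplified Sysmon Event ID 1 shape).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'"C:\Windows\System32\wscript.exe" "C:\Users\alice\Downloads\agreement\agreement.js"',
     "parent": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\System32\cscript.exe",
     "cmdline": r'"C:\Windows\System32\cscript.exe" "C:\Users\bob\AppData\Local\Temp\Temp1_invoice.zip\invoice.js"',
     "parent": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\System32\wscript.exe",          # admin logon script
     "cmdline": r'"C:\Windows\System32\wscript.exe" "C:\Program Files\Vendor\maintenance.js"',
     "parent": r"C:\Windows\System32\services.exe"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell.exe -w hidden -enc AAAA',   # constructed next stage
     "parent": r"C:\Windows\System32\wscript.exe"},
]


def detect_script_host_from_user_dir(events):
    """Script host executing a script that lives under Downloads or a Temp dir."""
    return [ev for ev in events
            if _basename(ev["image"]) in SCRIPT_HOSTS
            and USER_DIR_SCRIPT_RE.search(ev["cmdline"])]


def detect_script_host_children(events):
    """Any process spawned by a script host: the hand-off to a later stage."""
    return [ev for ev in events if _basename(ev["parent"]) in SCRIPT_HOSTS]


if __name__ == "__main__":
    lure = build_sample_zip({"agreement.js": b"// constructed stage-1 stub"})
    print(zip_script_findings(lure))
    for hit in detect_script_host_from_user_dir(SAMPLE_EVENTS):
        print("user-dir script:", hit["cmdline"])
    for hit in detect_script_host_children(SAMPLE_EVENTS):
        print("script-host child:", hit["cmdline"])
```

The two event checks are deliberately separate: the first fires at execution of the lure, the second at the hand-off to whatever the script fetches next, so a later stage still produces an alert even if the script itself was run from an unusual path. Both will also match legitimate admin scripting, so they are meant as triage signals to be tuned against an environment's baseline, not as blocking rules.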

Source: https://securityaffairs.com/165368/malware/gootloader-malware-is-still-active.html

TPRM report: https://scoringcyber.rankiteo.com/company/cybereason

"id": "cyb1009070724",
"linkid": "cybereason",
"type": "Ransomware",
"date": "7/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'attack_vector': ['SEO manipulation',
                   'malicious ZIP archives',
                   'Cobalt Strike binary'],
 'description': 'Cybereason researchers have reported the continuous activity '
                'of the GootLoader malware in various campaigns. GootLoader, '
                'an evolution of the GootKit malware family active since 2014 '
                'and tied to threat actors UNC2565, employs '
                'access-as-a-service model tactics to infiltrate systems. The '
                'attack begins with Search Engine Optimization (SEO) '
                'manipulation, leading victims to compromised websites that '
                'present malicious ZIP archives. These archives contain a .js '
                'file which establishes persistence and introduces a Cobalt '
                'Strike binary. The infection process involves multi-stage '
                'payloads, resulting in Discovery/Reconnaissance activities '
                'and communication with Command and Control (C2) servers. '
                "GootLoader's effectiveness can lead to significant data "
                'breaches, financial loss, and the potential introduction of '
                'other destructive malware, emphasizing the severity of such '
                'cyber threats.',
 'impact': {'data_compromised': ['significant data breaches']},
 'initial_access_broker': {'entry_point': 'SEO manipulation'},
 'threat_actor': 'UNC2565',
 'title': 'GootLoader Malware Campaign',
 'type': 'Malware'}