Jul 7, 2024 1 min read

Cybereason researchers have reported continued GootLoader activity across multiple campaigns. GootLoader, an evolution of the GootKit malware family active since 2014 and attributed to the threat actor UNC2565, operates under an access-as-a-service model, selling footholds on infected systems to other actors. The attack chain begins with Search Engine Optimization (SEO) poisoning that steers victims to compromised websites serving malicious ZIP archives. Each archive contains a .js file that, once run, establishes persistence and drops a Cobalt Strike binary. The infection proceeds through multi-stage payloads, followed by discovery and reconnaissance activity and communication with command-and-control (C2) servers. A successful GootLoader infection can lead to significant data breaches, financial loss, and the delivery of further destructive malware, which is why the threat is rated as severe.
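The delivery step described above (a web-served ZIP whose only content is a .js script) is cheap to triage at the proxy or mail gateway before the script ever reaches a Windows script host. The following Python is an added example written for this page, not code from Cybereason or the report; the extension lists, the "decoy double extension" pattern and the size/compressibility threshold are heuristics assumed here for illustration, and the sample archive is constructed in memory rather than taken from a real campaign.

```python
import io
import zipfile
from typing import List

# Windows script-host extensions commonly abused for first-stage loaders.
# The page only mentions .js; the other entries are assumptions for illustration.
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta")

# Document-looking extensions that a lure name often imitates before the real
# script extension (assumed pattern, e.g. "agreement.pdf.js").
DECOY_EXTENSIONS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt")


def triage_archive(data: bytes) -> List[str]:
    """Return findings for a downloaded ZIP archive.

    Each finding is a short string. An empty list means these heuristics saw
    nothing suspicious; it is not proof that the archive is benign.
    """
    findings: List[str] = []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ["not a valid ZIP archive (possible corruption or disguised payload)"]

    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = [m for m in zf.infolist() if not m.is_dir()]

        for m in members:
            lower = m.filename.lower()
            base = lower.rsplit("/", 1)[-1]  # ignore any directory prefix

            if base.endswith(SCRIPT_EXTENSIONS):
                findings.append(f"script member: {m.filename}")

                # "invoice.pdf.js" shows as "invoice.pdf" when Explorer hides
                # known extensions, so flag a document extension before the real one.
                stem = base.rsplit(".", 1)[0]
                if stem.endswith(DECOY_EXTENSIONS):
                    findings.append(f"decoy double extension: {m.filename}")

                # Assumed heuristic: a script that is very large on disk yet
                # compresses extremely well is likely padded with junk to evade
                # size-limited scanners.
                if m.file_size > 1_000_000 and m.compress_size * 20 < m.file_size:
                    findings.append(f"oversized, highly compressible script: {m.filename}")

            if lower.endswith(".zip"):
                findings.append(f"nested archive: {m.filename}")

        # A legitimate document download rarely ships as a lone script.
        if len(members) == 1 and members[0].filename.lower().endswith(SCRIPT_EXTENSIONS):
            findings.append("archive contains a single script and nothing else")

    return findings


def build_sample_archive(member_name: str, content: bytes) -> bytes:
    """Build an in-memory ZIP with one member. Constructed test data, not a real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed lure: a decoy-named script padded to 2 MB of repeated bytes.
    lure = build_sample_archive("agreement_template.pdf.js", b"// lure\n" + b"A" * 2_000_000)
    for finding in triage_archive(lure):
        print(finding)
```

Run it as a script to see the findings for the constructed lure, or import `triage_archive` and feed it the raw bytes of a downloaded archive. Flagged archives should be quarantined for sandbox detonation rather than blocked outright, since the heuristics will also match some legitimate script bundles.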


"id": "cyb1009070724",
"linkid": "cybereason",
"type": "Ransomware",
"date": "7/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
