EUMETSAT, a European meteorological organization, was hit by Fog ransomware. The attack was atypical in that it used legitimate and open-source tools: Syteca for logging keystrokes and grabbing passwords, Stowaway for payload dropping, and SMBExec for execution. The attackers accessed additional systems, mapped out the network, and deployed the encryptor, causing significant disruptions and potential data leaks.
TPRM report: https://scoringcyber.rankiteo.com/company/eumetsat
"id": "eum601061325",
"linkid": "eumetsat",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
                        'location': 'Belgium',
                        'name': 'Melexis',
                        'type': 'Semiconductor company'},
                       {'industry': 'Government',
                        'location': 'Europe',
                        'name': 'EUMETSAT',
                        'type': 'Meteorological organization'},
                       {'industry': 'Education',
                        'location': 'Switzerland',
                        'name': 'FHNW University',
                        'type': 'Educational institution'},
                       {'industry': 'Automotive',
                        'location': 'Australia',
                        'name': 'Ultra Tune',
                        'type': 'Automotive service franchise'}],
 'attack_vector': ['Compromised VPN credentials',
                   'Pass-the-hash attacks',
                   'Legitimate employee monitoring tool (Syteca)',
                   'Open-source tools (Stowaway, SMBExec, GC2)'],
 'data_breach': {'data_exfiltration': 'Google Sheets and SharePoint',
                 'type_of_data_compromised': 'Keystrokes and passwords'},
 'description': 'Fog ransomware was seen using Syteca, a legitimate employee '
                'monitoring tool, to log keys and grab passwords. It also used '
                'open-source tools for payload dropping and file exfiltration. '
                "The attack was described as 'atypical' by researchers.",
 'impact': {'data_compromised': 'Keystrokes and passwords'},
 'initial_access_broker': {'backdoors_established': 'GC2',
                           'entry_point': 'Compromised VPN credentials'},
 'motivation': 'Financial gain through ransomware',
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransomware_strain': 'Fog'},
 'references': [{'source': 'BleepingComputer'}],
 'response': {'third_party_assistance': 'Symantec'},
 'threat_actor': 'Fog ransomware operators',
 'title': 'Fog Ransomware Attack Using Legitimate and Open-Source Tools',
 'type': 'Ransomware'}