Palo Alto Networks Unit 42 uncovered a DarkGate malware campaign that abused legitimate tools to distribute malware. Using Excel files, the malware leveraged public SMB shares to spread across North America, Europe, and Asia. DarkGate, a sophisticated remote access trojan (RAT) active since 2018, supports a range of malicious capabilities and evades detection. The surge in activity followed the disruption of Qakbot's infrastructure and peaked at 2,000 samples in a single day, indicating a widespread and significant breach.
Source: https://securityaffairs.com/165723/malware/dark-gate-malware-uses-samba-file-shares.html
TPRM report: https://scoringcyber.rankiteo.com/company/unit42
{
  "id": "uni617071524",
  "linkid": "unit42",
  "type": "Breach",
  "date": "7/2024",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'location': ['North America', 'Europe', 'Asia']}],
'attack_vector': 'Excel files and public SMB shares',
'description': 'Palo Alto Networks Unit 42 uncovered a Dark Gate malware '
'campaign exploiting legitimate tools for distributing '
'malware. Using Excel files, the malware leveraged public SMB '
'shares to spread across North America, Europe, and Asia. '
'DarkGate, a sophisticated RAT, is capable of various '
'malicious activities, evading detection, and has been active '
'since 2018. The surge in activity followed Qakbot '
'infrastructure disruption and reached its peak with 2,000 '
'samples in a single day, indicating a widespread and '
'significant breach.',
'initial_access_broker': {'entry_point': 'Excel files and public SMB shares'},
'motivation': 'Data exfiltration, evasion of detection, and distribution of '
'malware',
'references': [{'source': 'Palo Alto Networks Unit 42'}],
'threat_actor': 'DarkGate',
'title': 'Dark Gate Malware Campaign',
'type': 'Malware Campaign'}