FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware

Symantec’s Threat Hunter Team, a part of Broadcom, recently observed the Syssphinx (aka FIN8) cyber-crime group deploying a variant of the Sardonic backdoor to deliver the Noberus ransomware.

While analysis of the backdoor revealed it to be part of the Sardonic framework, which the group has used previously and which Bitdefender analyzed in a 2021 report, it seems that most of the backdoor’s features have been altered to give it a new appearance.

Source: Symantec