GOFFEE is a threat actor that first came to our attention in early 2022. Since then, Kaspersky researchers have observed malicious activities targeting exclusively entities located in the Russian Federation, leveraging spear phishing emails with a malicious attachment.
Starting in May 2022 and up until the summer of 2023, GOFFEE deployed a modified version of Owowa (a malicious IIS module) in its attacks. As of 2024, GOFFEE started to deploy patched malicious instances of explorer.exe via spear phishing. During the second half of 2024, GOFFEE continued to launch targeted attacks against organizations in Russia, utilizing PowerTaskel, a non-public Mythic agent written in PowerShell, and introducing a new implant that we dubbed “PowerModul”. The targeted sectors included media and telecommunications, construction, government entities, and energy companies.
Source: Kaspersky
Related:
- M&S: WFH staff locked out of systems amid cyber attack fallout (April 28, 2025)
  M&S has shut remote-working employees out of some of its IT systems as it struggles to recover from the fallout of a cyberattack last week. The high street giant closed some of the programmes that staff use to log into the internal IT systems when working outside of the office, The Times reported. Cybersecurity experts said ...
- Commvault Releases Security Updates for Command Center (April 24, 2025)
  Commvault has released a security advisory to address a critical vulnerability in its Command Center Platform. Command Center is Commvault’s all-in-one solution for managing Commvault services within a corporate environment. CVE-2025-34028 is a path traversal vulnerability with a CVSSv3 base score of 10.0, and if exploited could allow an unauthenticated attacker to upload ZIP files. The ...
- Android malware turns phones into malicious tap-to-pay machines (April 24, 2025)
  Got an Android phone? Got a tap-to-pay card? Then you’re like millions of other users now at risk from a new form of cybercrime – malware that can read your credit or debit card and hand its data over to an attacker. A newly discovered malicious program effectively turns Android phones into malicious tap machines that ...
- Health insurance firm Blue Shield data breach exposed data of over 4.7 million members (April 24, 2025)
  Health insurance firm Blue Shield has revealed a data breach has exposed protected health data of over 4.7 million members. The information was leaked to Google’s analytics and advertisement platforms following a misconfiguration of Google Analytics on Blue Shield sites. “On February 11, 2025, Blue Shield discovered that, between April 2021 and January 2024, Google Analytics ...
- M&S: FTSE 100 giant battling cyber attack (April 22, 2025)
  M&S has revealed it has been battling what it has described as a “cyber incident” over the past few days. The FTSE 100 giant said that it’s made some “minor, temporary changes to our store operations to protect customers and the business” and “we are sorry for any inconvenience experienced.” M&S confirmed that it is working ...
- Critical RCE Vulnerability in Erlang/OTP SSH Server (April 22, 2025)
  Erlang has released updates to its OTP package to address a critical vulnerability in its Secure Shell (SSH) server. Erlang is an open-source programming language. OTP (Open Telecom Platform) is a set of Erlang libraries and middleware that can be used to develop applications. CVE-2025-32433 is a critical vulnerability with a CVSSv3 score of 10.0. If ...