Trend Micro researchers recently identified a new ransomware family called Charon, deployed in a targeted attack observed in the Middle East’s public sector and aviation industry.
The threat actor employed a DLL sideloading technique notably similar to tactics previously documented in the Earth Baxia campaigns, which have historically targeted government sectors. The attack chain leveraged a legitimate browser-related file, Edge.exe (originally named cookie_exporter.exe), to sideload a malicious msedge.dll (SWORDLDR), which subsequently deployed the Charon ransomware payload. Analysis of the msedge.dll component revealed it was designed to load a file named DumpStack.log, which was absent from Trend Micro’s initial telemetry.
Source: Trend Micro
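A defensive check for the pattern described above (a legitimate executable running under a different name than its original one and loading a DLL from its own directory), as an added example that is not from Trend Micro or the original page. The event records are constructed, and their field names and paths are assumptions loosely modelled on Sysmon process-create (ID 1) and image-load (ID 7) events.

```python
import ntpath  # Windows path handling that works on any host OS

# Constructed sample events; field names and paths are assumptions.
EVENTS = [
    # Renamed binary: file is Edge.exe, PE original name is cookie_exporter.exe
    {"id": 1, "pid": 4120, "image": r"C:\ProgramData\sample\Edge.exe",
     "original_name": "cookie_exporter.exe"},
    {"id": 7, "pid": 4120, "loaded": r"C:\ProgramData\sample\msedge.dll"},
    {"id": 7, "pid": 4120, "loaded": r"C:\Windows\System32\kernel32.dll"},
    # Benign control: name matches, DLL next to the executable is normal
    {"id": 1, "pid": 5300, "image": r"C:\Program Files\ExampleApp\app.exe",
     "original_name": "app.exe"},
    {"id": 7, "pid": 5300, "loaded": r"C:\Program Files\ExampleApp\helper.dll"},
]


def find_sideload_candidates(events):
    """Return (process image, original name, loaded DLL) tuples for processes
    whose on-disk name differs from their PE original name and which load a
    DLL from the directory they were started from."""
    renamed = {}  # pid -> (image path, original file name)
    hits = []
    for ev in events:
        if ev["id"] == 1:
            on_disk = ntpath.basename(ev["image"]).lower()
            if on_disk != ev["original_name"].lower():
                renamed[ev["pid"]] = (ev["image"], ev["original_name"])
        elif ev["id"] == 7 and ev["pid"] in renamed:
            image, original = renamed[ev["pid"]]
            same_dir = (ntpath.dirname(ev["loaded"]).lower()
                        == ntpath.dirname(image).lower())
            if same_dir:
                hits.append((image, original, ev["loaded"]))
    return hits


if __name__ == "__main__":
    for image, original, dll in find_sideload_candidates(EVENTS):
        print(f"{image} (original name {original}) loaded {dll}")
```

Both conditions are required on purpose: a renamed binary alone, or an application loading a DLL from its own folder alone, is common and would produce noise.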
