New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises


Trend Micro researchers recently identified a new ransomware family called Charon, deployed in a targeted attack observed in the Middle East’s public sector and aviation industry.

The threat actor employed a DLL sideloading technique notably similar to tactics previously documented in the Earth Baxia campaigns, which have historically targeted government sectors. The attack chain leveraged a legitimate browser-related file, Edge.exe (originally named cookie_exporter.exe), to sideload a malicious msedge.dll (SWORDLDR), which subsequently deployed the Charon ransomware payload. Analysis of the msedge.dll component revealed it was designed to load a file named DumpStack.log, which was absent from the Trend Micro initial telemetry.

Read more…
Source:Trend Micro


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Incident Response Plans: A Comparison of US Law, EU Law and Soon-To-Be EU Law

    February 3, 2017

    The best way to handle any emergency is to be prepared. When it comes to data breaches, incident response plans are the first step organizations take to prepare. In the United States, incident response plans are commonplace. Since 2005, the federal banking agencies have interpreted the Gramm-Leach-Bliley Act as requiring financial institutions to create procedures for ...