Reeling in DarkGate Malware Attacks from the Beach


Last year, the number of malware attacks worldwide reached 6.08 billion. That’s a 10% increase compared with 2022. Why are cybercriminals developing so much malware? Because it is a vital tool to help them infiltrate businesses, networks or specific computers to steal or destroy sensitive data. or destroy sensitive data.

There are many types of malware infections. Here are just three examples – RYUK (ransomware), Astaroth (fileless malware), DarkGate (multifunctional malware). DarkGate is a notable example. It’s a sophisticated and adaptive piece of malware that’s designed to perform various malicious activities. This includes data theft, unauthorized access and system compromise.

Read more…
Source: Proofpoint


Sign up for our Newsletter


Related:

  • Weaponization of Excel Add-Ins Part 2: Dridex Infection Chain Case Studies

    May 19, 2022

    In Part 1 of this two-part blog series, Unit 42 researchers discussed briefly how XLL files are exploited to deploy Agent Tesla. During December 2021, they continued to observe Dridex and Agent Tesla exploiting XLL in different ways for initial payload delivery. A more in-depth look at the Dridex infection chain follows. Threat actors behind Dridex ...

  • Protecting Android users from 0-Day attacks

    May 19, 2022

    To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. In 2021, we reported nine 0-days affecting Chrome, Android, Apple and Microsoft, leading to patches to protect users from these attacks. This blog is a follow up to our July 2021 post on four 0-day vulnerabilities we discovered in 2021, ...

  • Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control

    May 18, 2022

    The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination. These vulnerabilities affect certain versions of VMware Workspace ONE Access, VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud ...

  • Hydra with Three Heads: BlackByte & The Future of Ransomware Subsidiary Groups

    May 18, 2022

    On February 13, 2022, a novel, lesser-known ransomware collective posted the alleged financial documents of the San Francisco 49ers football team on their underground site. The threat group, known as BlackByte, was widely credited with the orchestration of the attack—However, AdvIntel’s sensitive primary-source intelligence and factual data evidence (including IOCs) point to a different conclusion: ...

  • Wizard Spider hackers hire cold callers to scare ransomware victims into paying up

    May 18, 2022

    Researchers have exposed the inner workings of Wizard Spider, a hacking group that pours its illicit proceeds back into the criminal enterprise. On Wednesday, PRODAFT published the results of an investigation into Wizard Spider, believed to either be or be associated with the Grim Spider and Lunar Spider hacking groups. According to the cybersecurity firm, Wizard Spider, ...

  • The BlackByte ransomware group is striking users all over the globe

    May 18, 2022

    The BlackByte ransomware group uses its software for its own goals and as a ransomware-as-a-service offering to other criminals. The ransomware group and its affiliates have infected victims all over the world, from North America to Colombia, the Netherlands, China, Mexico and Vietnam. Cisco Talos has been monitoring BlackByte for several months and Talos can confirm ...