Cybereason rated the threat as “severe” due to the potential damage that could be caused by these attacks.
“GootLoader has security evasion in mind: Cybereason IR team observed large payloads (40MB and more) masquerading with legitimate JavaScript code, in order to evade security mechanisms,” a Cybereason blog post explained.
Cybereason’s IR team first responded to the threat in December 2022, when threat actors leveraged new deployment methods of GootLoader. Specifically, threat actors were observed hosting the infection payload on a compromised Wordpress site.
“SEO Poisoning and Google service abuse like Google Ads are becoming a trend amongst malware operators to distribute their payloads,” the blog post explained.
Using SEO poisoning, threat actors were able to get victims to download malicious payloads. SEO poisoning techniques allow threat actors to get fraudulent websites to appear higher up on search engine results, leading to more clicks.
“Following the GootLoader infection, the Cybereason IR team observed hands-on keyboard activities which led to further deployment of attack frameworks, Cobalt Strike and SystemBC,” Cybereason added.
“The threat actor leveraged these frameworks following the infection phase and during the lateral movement phase.”
Cybereason described the threat actors as “aggressive,” having displayed “fast-moving behaviors” and getting elevated privileges in less than four hours. These threat actors are known to target healthcare and...
Read Full Story: https://news.google.com/rss/articles/CBMiV2h0dHBzOi8vaGVhbHRoaXRzZWN1cml0eS5jb20vbmV3cy9nb290bG9hZGVyLW1hbHdhcmUtc2VvLXBvaXNvbmluZy1pbXBhY3RpbmctaGVhbHRoY2FyZdIBW2h0dHBzOi8vaGVhbHRoaXRzZWN1cml0eS5jb20vbmV3cy9hbXAvZ29vdGxvYWRlci1tYWx3YXJlLXNlby1wb2lzb25pbmctaW1wYWN0aW5nLWhlYWx0aGNhcmU?oc=5
Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.
