Threat actors have targeted government entities with the PureCrypter malware downloader, which is used to deliver several information stealers and ransomware variants to targeted entities.
According to a study conducted by researchers at Menlo Security, the initial payload of this attack was hosted on Discord by the threat actor. A non-profit organization was compromised to store more hosts for the campaign.
Several different types of malware were delivered via the campaign, including Redline Stealer, Agent Tesla, Eternity, Black Moon, and Philadelphia Ransomware, researchers said in a statement.
Several government organizations in the Asia Pacific (APAC) and North American regions have been targeted by PureCrypter’s marketing campaign, according to researchers.
Steps Involved in an Attack
Firstly, the attacker sends an email with a Discord app link pointing to a password-protected ZIP archive containing a PureCrypter sample, which is then used to launch the attack.
As of March 2021, PureCrypter began to become popular in the wild as a .NET malware downloader. Various types of malware a
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: