June 15, 2025 3 mins

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:01):
Hackers that use Syteca, GC2, and Adaptix in an
espionage-style intrusion against an Asian financial institution. Fog ransomware
hackers, known for targeting US educational institutions, are now using
legitimate employee monitoring software Syteca and several open source pen
testing tools alongside usual encryption. In a May five attack

(00:23):
on an unnamed financial institution in Asia, Symantec researchers spotted
hackers using Syteca and several pen testers, including GC2
and Adaptix. The behavior they found highly unusual in a
ransomware attack chain. Reflecting on the shift in Fog's attacks,
Bugcrowd CISO Trey Ford said we should expect the

(00:43):
use of ordinary and legitimate corporate software as the norm.
We referred to this as living off the land. Why
would an attacker introduce new software, create more noise and
logs, and increase the likelihood of detection when the available software
gets the job done for them? Well, Symantec identify the
initial infection vector using the attack. Fog ransomware actors have

(01:04):
used critical vulnerabilities in the past. Syteca was likely used
as a stealer. Researchers found attackers using Stowaway, the open
source proxy tool designed for secure communication between internal and
external networks. It is not known how the attackers used
the Syteca tool during the intrusion, which was distributed as
files under names like Syteca client dot exe. Still, the

(01:29):
nefarious potential of an employee monitoring tool with
screen recording and keystroke logging capabilities isn't too hard to guess.
Several libraries are loaded by this executable, suggesting it was
possibly used for information stealing or spying. The real danger
in this case isn't the ransom note, it's how Fog
turns a simple screen recorder into a hidden camera. Software

(01:49):
is an essential driver of growth and innovation for every company. However,
business apps we install on autopilot can suddenly become spy tools.
Security team, you should keep a live map of where
every monitoring app is allowed to run and flag it
the moment it pops up somewhere odd. In addition,
another peculiarity observed in the attack was the use of

(02:11):
open source penetration testing tools like GC2 and Adaptix, rarely
seen with ransomware attacks. Google Command and Control (GC2)
is an open source post-exploitation tool that allows attackers
to control compromised systems using legitimate cloud services like Google
Sheets and Google Drive. The GC2 implant alone potentially
allowed attackers to run discovery commands, transfer files, and load

(02:33):
shellcode, hinting at deeper intelligence-gathering objectives. Unlike typical
ransomware actors that exit post-encryption, the Fog group was
seen establishing persistence even days after deploying the ransomware, a
move more common in espionage operations. The attackers establishing persistence
on a victim network having deployed the ransomware is also
not something they would typically see in a ransomware attack.

(02:59):
And that's your update for now in regards to Fog,
and get the rest of the article if you want
from CSO, csoonline.com, for
the whole article. That's it for now.

© 2025 iHeartMedia, Inc.