Fog ransomware attacks use employee monitoring tool to break into business networks

A naukri.com initiative

New

Fog ransom...

Tech Radar

293

Image Credit: Tech Radar

Fog ransomware utilized a legitimate employee monitoring tool, Syteca, to log keys and retrieve passwords.
The attack also involved the use of open-source tools for payload dropping and file exfiltration.
Security researchers from Symantec noted the attack's atypical nature.
The hackers accessed additional systems by tracking passwords and successfully deploying the encryptor.
To drop Syteca, Fog ransomware used Stowaway, a multi-hop proxy tool.
SMBExec, an open-source post-exploitation tool, executed the payload over SMB protocol.
GC2, an open-source backdoor leveraging Google Sheets and SharePoint, was utilized for C2 and data exfiltration.
Symantec highlighted the unusual toolset deployed by the attackers in the ransomware attack.
Fog ransomware first appeared in April 2024 and targeted notable victims like Melexis and EUMETSAT.
The group initially accessed networks using compromised VPN credentials, then executed malicious activities.
The attackers demanded victims justify their jobs or pay up during their ransomware campaigns.
Security experts recommend the use of authenticator apps and password managers for enhanced protection.

Read Full Article

17 Likes

For uninterrupted reading, download the app