An updated joint cybersecurity advisory from the Cybersecurity and Infrastructure Security Agency and the FBI details more tools leveraged by AvosLocker ransomware affiliates, who are known for combining open-source and legitimate software in their operations, reports BleepingComputer.
Aside from using custom PowerShell, batch scripts, and web shells to facilitate lateral network movement and privilege escalation, AvosLocker affiliates have also been tapping into various remote administration tools, open-source network tunneling utilities, and adversary emulation frameworks, as well as credential harvesting and data exfiltration tools, according to the advisory. AvosLocker was also observed using RDP Scanner, Notepad++, 7Zip, PsExec, and Nltest in its intrusions, as well as the NetMonitor malware masquerading as a network monitoring tool.
With various critical infrastructure entities across the U.S. already compromised by AvosLocker, CISA and the FBI have urged organizations to adopt application control mechanisms, limit remote desktop service access, and keep software and code updated to prevent compromise.
Nearly $115 million worth of cryptocurrency has been stolen so far from the HTX digital currency exchange, formerly Huobi, and the Heco Chain blockchain bridge following a cyberattack last week, CNBC reports.