Phishing campaigns with updated Rhadamanthys, Agent Tesla malware reported

Organizations in the oil and gas industry have been targeted with a phishing campaign that involved the deployment of a new Rhadamanthys information-stealing malware variant, The Hacker News reports.

The attacks began with fraudulent vehicle incident emails impersonating the Federal Bureau of Transportation. The emails contained a link that facilitates the download of Rhadamanthys, which then exfiltrates sensitive data, according to a Cofense report.

The campaign emerged shortly after the dismantling of the LockBit ransomware gang, whose payload was included in a Rhadamanthys variant discovered in August, noted Cofense researcher Dylan Duncan. Separately, Check Point reported that the U.S. and Australia were targeted in November with Agent Tesla phishing campaigns launched by African threat actors Bignosa, also known as Andrei Ivan and Nosakhare Godson, and Gods, also known as Kingsley Frederick, Kmarshal, and GODINHO. Those campaigns were obfuscated with the Cassandra Protector software.

"As seen from the description of these threat actors' actions, no rocket science degree is required to conduct the cybercrime operations behind one of the most prevalent malware families in the last several years," said Check Point.
