BleepingComputer reports that the group developing the Raccoon Stealer malware has suspended operations following the death of one of its core developers amid Russia's invasion of Ukraine.
In posts on Russian-speaking cybercrime forums on Friday, the group behind Raccoon Stealer said that the developer's death during the "special operation" meant the stealer's operations were no longer possible. However, the threat actors confirmed their plans to reconstruct the lost components and relaunch in the coming months. In the meantime, threat actors will be transitioning to the similar Mars Stealer operation, according to security researcher 3xport, who discovered the hacking forum posts. Another post indicated an overwhelming surge of requests at 'MarsTeam' since Raccoon's announcement, with 3xport warning about a surge of Mars Stealer hacking campaigns.
Russia's invasion of Ukraine has prompted a significant movement among cybercrime actors, with a former Maze ransomware operation representative issuing the master decryptor for previous victims, as well as the exposure of the Conti ransomware group's internal chats and source code after the group had sided with Russia.
Organizations in the government, real estate, telecommunications, retail, and other sectors across the U.S., Africa, and the Middle East have been subjected to intrusions under the new CL-STA-0002 threat cluster.
BBC News reports that major online travel agency Booking.com had its customers in the U.S., UK, and other parts of the world impacted by fraud following a social engineering attack that involved the deployment of the Vidar information-stealing malware.