Operators of the Vidar and RedLine information-stealing malware strains have begun delivering ransomware payloads through tactics initially leveraged for infostealer distribution, suggesting a streamlining of attackers' operations, reports The Hacker News.
After sending phishing emails containing infostealer malware with Extended Validation code signing certificates to an unspecified victim in July, threat actors proceeded to deliver a fraudulent TripAdvisor complaint attachment that prompted ransomware deployment, according to a report from Trend Micro.
Researchers noted that no EV certificates were found in the files used in dropping the ransomware.
"However, the two originate from the same threat actor and are spread using the same delivery method. We can therefore assume a division of labor between the payload provider and the operators," said researchers.
The findings follow an IBM X-Force study showing the utilization of an updated DBatLoader malware loader in new phishing attacks distributing Warzone RAT and Agent Tesla malware since June.
The Philippine Health Insurance Corporation, which manages the country's universal healthcare system, had its websites and portals disrupted by a Medusa ransomware attack last week, from which it is struggling to recover, reports The Record, a news site by cybersecurity firm Recorded Future.
Japanese multinational conglomerate Sony has begun an investigation into an alleged cyberattack, which was reported to have resulted in the exposure of 3.14 GB of data in hacking forums, amid the emergence of different attackers claiming to be behind the hack, according to BleepingComputer.
Threat actors have leveraged the ZeroFont phishing attack technique, which initially involved the insertion of hidden characters or words in emails to evade security detection systems, to modify message previews as shown on Microsoft Outlook and other email clients, BleepingComputer reports.