Wednesday, February 12, 2025

Vietnamese cybercriminals target India, US, and UK with malware

Vietnam-based cybercriminals are deploying ‘Darkgate’ malware and a Malware as a Service toolset to attack digital marketing organizations in India, the US, and the UK. Researchers found several DarkGate malware infiltration attempts that match DuckTail infostealer tactics. The report emphasizes cybersecurity and the necessity for strong defenses against sophisticated attackers…

Vietnamese cybercriminals are reportedly targeting digital marketing organizations in India, the US, and the UK. According to cybersecurity company WithSecure, they are using ‘Darkgate’ malware and a Malware as a Service (MaaS) toolset, compromising victims with competing remote access trojans (RATs) and data-stealing malware including Ducktail, Lobshot, and Redline.

Researchers observed many DarkGate malware infiltration attempts in these countries on August 4. Their analysis shows that the lure documents, attack strategies, distribution methods, and patterns match DuckTail infostealer campaigns.

DarkGate is a Remote Access Trojan (RAT) that surfaced online in 2018. It is usually offered as Malware-as-a-Service to hackers.

In open-source data on the DarkGate malware campaign, researchers found links to several infostealers, suggesting the same group is behind them.

The attack starts with a file named ‘Salary and new products.8.4.zip’. When users unknowingly download and extract this file, a VBS script runs. This script makes a renamed copy of Curl.exe and uses it to connect to an external server and fetch autoit3.exe and a compiled Autoit3 script. The executable is then run, the script is de-obfuscated, and the DarkGate RAT is assembled from strings in the script.
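The chain described above leaves a recognizable trail in process-creation telemetry. The following detection logic is an added example, not taken from the WithSecure report or the original article; it assumes Sysmon-style process-creation fields (`Computer`, `Image`, `OriginalFileName`, `ParentImage`), and all host names and file paths in the sample events are constructed.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows hosts that run .vbs files

def _name(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path or "").lower()

def detect(events):
    """Return (host, rule) alerts for process-creation events given in time order."""
    alerts, renamed_curl_hosts = [], set()
    for ev in events:
        host = ev["Computer"]
        image = _name(ev["Image"])
        parent = _name(ev.get("ParentImage"))
        # OriginalFileName comes from the PE version resource and survives a rename.
        original = (ev.get("OriginalFileName") or "").lower()
        if original == "curl.exe" and image != "curl.exe":
            # A copy of curl.exe running under a different file name.
            rule = "renamed_curl"
            if parent in SCRIPT_HOSTS:
                rule = "renamed_curl_from_script_host"
            alerts.append((host, rule))
            renamed_curl_hosts.add(host)
        elif original == "autoit3.exe" or image == "autoit3.exe":
            # AutoIt alone is common admin tooling; alert only after renamed curl.
            if host in renamed_curl_hosts:
                alerts.append((host, "autoit_after_renamed_curl"))
    return alerts

def _ev(host, image, original, parent):
    return {"Computer": host, "Image": image,
            "OriginalFileName": original, "ParentImage": parent}

# Constructed sample events (paths and host names are illustrative only).
SAMPLE_EVENTS = [
    _ev("WS01", r"C:\Windows\System32\wscript.exe", "wscript.exe",
        r"C:\Windows\explorer.exe"),
    _ev("WS01", r"C:\Users\Public\tmp\xfer.exe", "curl.exe",
        r"C:\Windows\System32\wscript.exe"),
    _ev("WS01", r"C:\Users\Public\tmp\Autoit3.exe", "AutoIt3.exe",
        r"C:\Windows\System32\cmd.exe"),
    _ev("WS02", r"C:\Windows\System32\curl.exe", "curl.exe",
        r"C:\Windows\System32\cmd.exe"),          # legitimate curl, no alert
    _ev("WS03", r"C:\Tools\AutoIt3.exe", "AutoIt3.exe",
        r"C:\Windows\explorer.exe"),              # AutoIt without the curl stage
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Matching on `OriginalFileName` rather than the image name is what catches the renamed curl copy; the host-level correlation keeps ordinary AutoIt use from alerting on its own.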

Senior Threat Intelligence Analyst Stephen Robinson said, “Based on what we’ve observed, it is very likely that a single actor is behind several of the campaigns we’ve been tracking that target Meta Business accounts.”

Once they gain control of an account, attackers can distribute malware and commit fraud.

The research emphasizes the importance of cybersecurity and the necessity for strong defenses against sophisticated cyber threats targeting enterprises globally.

As attackers adapt and use a variety of methods to infiltrate targets, from individuals to large businesses, this form of cyberattack represents the changing cybersecurity landscape.

Cybersecurity is a constant concern, especially in sectors that handle sensitive data or essential infrastructure. Businesses and individuals must keep up with cybersecurity trends and take precautions to avoid these dangers. Organizations should also undertake cybersecurity awareness training for staff to identify and minimize threats.

Conclusion

Vietnam-based cybercrime organizations are deploying ‘Darkgate’ malware and a Malware as a Service (MaaS) toolkit to attack digital marketing firms in India, the US, and the UK. Rival remote access trojans (RATs) and other data-stealing malware are used to compromise victims. August 4 saw many DarkGate malware infiltration attempts in these countries, according to researchers. Cybercriminals use DarkGate, a 2018 Remote Access Trojan (RAT), as a Malware-as-a-Service. According to open-source data linked to the DarkGate malware operation, numerous infostealers are tied to the same organization or threat actor. The research stresses the importance of cybersecurity and the necessity for strong defenses against sophisticated cyber threats targeting enterprises globally.

Nitin Gohil
A Mumbai-based tech professional with a passion for writing about his field: through his columns and blogs, he loves exploring and sharing insights on the latest trends, innovations, and challenges in technology, designing and integrating marketing communication strategies, client management, and analytics. His favourite quote is, "Let's dive into the fascinating world of tech together."
