C&C Server Hosting a Large Stockpile of Malicious Files Discovered

Security researchers recently discovered a new server “hosting a large stockpile of malicious files”.
The analysis shows that malicious actors are targeting a number of organizations through a single command-and-control (C2) server. Among other things, this server hosts samples of ransomware and point-of-sale (PoS) malware.

The analysis carried out by Cisco Talos researchers shows that the attackers were “able to obtain a deep level of access to victims’ infrastructure”. The research team also identified several of the targets, including one American manufacturing company.

The researchers discovered “a great variety of malicious files on this server, ranging from ransomware like the DoppelPaymer, to credit card capture malware like the TinyPOS, as well as some loaders that execute code delivered directly from the command and control (C2).”

The diversity of data found on this server illustrates how threat actors can target a wide range of organizations using the same infrastructure. The malicious tools and approaches point to a resourceful and sophisticated adversary with “a widespread infrastructure shared across different operations.”

Two Targets Identified

Two recent targets of this adversary were identified during the analysis of the command-and-control server. The first is an aluminum and steel gratings manufacturer based in the United States, which was targeted with ransomware.

The second target was identified from a process dump the researchers obtained; however, the report does not reveal details about the victimized organization.

In conclusion, the analysis reveals a sophisticated threat actor capable of compromising a variety of organizations with different malware samples. One of the identified targets was hit with ransomware, but the same actor can also steal credit card data via PoS malware.

Based on the discoveries so far, the attacker appears to prefer medium-sized companies in the industrial sector. During the investigation, the researchers contacted several potential victims so that they could remediate.

This is a good example of how varied an attacker can be in their use of infrastructure and of tools, techniques and procedures (TTPs), the researchers concluded.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
