Nuclear EK Is Dead, Long Live the Exploit Kit!

It’s always good news when a prevalent malicious threat is taken down. However, cyber criminals quickly regroup and as a result, new ones appear on the threat landscape.

Nuclear EK Exits the Malware-as-a-Service Market

Exploit kits have been a major culprit in most ransomware infections, and the Nuclear EK has been one of the favored malware-as-a-service tools in the hands of cyber criminals. Nuclear EK has been used to spread Locky ransomware, which has turned out to be one of the most prevalent and devastating crypto viruses. Nuclear’s activity saw a noticeable decrease at the end of April. According to multiple sources, the exploit kit’s infrastructure is now completely frozen.


Security firm Check Point, in particular, says that the “death” of Nuclear is due to a detailed, two-part analysis it published not too long ago. The first part of the analysis was published a week before Check Point noticed Nuclear’s sudden exit.

At the end of April, just a few days after our first report was published, the existing Nuclear infrastructure ceased operation entirely – all Nuclear panel instances and the master server stopped serving malicious content and responding to requests from their IP addresses.

Check Point’s extensive research into the infamous EK not only exposed the technical side of the operation but also indicated that its operators are likely located in Krasnodar, Russia, making approximately $100,000 a month.

It’s highly likely that Nuclear’s operators got scared and decided to put an end to their money-making machine (and enjoy their illegal profit before it’s too late).

Check Point is not the only security firm that has confirmed the disappearance of Nuclear EK. French researcher Kafeine also noticed its departure, along with Symantec:

The Nuclear exploit kit, which topped April’s list, has dropped out of the top five this month [May], likely due to research that was published in late April, shedding light on the toolkit’s infrastructure and likely leading to disruptions. This follows the disappearance of the Spartan toolkit from our top five list in April. The Spartan toolkit had also previously topped the list of web attacks by toolkit.

Angler EK Is Also Out of the Game

Nuclear is not the only exploit kit that ceased to exist recently – Angler was also shut down. So, who’s left in the malware-as-a-service market? Neutrino, Magnitude, RIG and Sundown are still being used in malicious operations. Will new EKs emerge? Hopefully not, but given the dynamic threat landscape, it’s very likely that cyber criminals will quickly come up with other exploit kits.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
