GootLoader Hackers Targeting Employees of Law and Accounting Firms

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,072
Content source
https://thehackernews.com/2022/01/gootloader-hackers-targeting-employees.html
Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets.

"GootLoader is a stealthy initial access malware, which after getting a foothold into the victim's computer system, infects the system with ransomware or other lethal malware," researchers from eSentire said in a report shared with The Hacker News. The cybersecurity services provider said it intercepted and dismantled intrusions aimed at three law firms and an accounting enterprise. The names of the victims were not disclosed.
Click to expand...
"GootLoader relies heavily on social engineering to establish its foothold, from poisoning Google search results to fashioning the payload," said Keegan Keplinger, research and reporting lead for eSentire's Threat Response Unit (TRU). "GootLoader's operators invite employees to seek, download, and execute their malware under the guise of a free business agreement template. This is particularly effective against legal firms, who may encounter uncommon requests from clients."
Click to expand...
thehackernews.com

GootLoader Hackers Targeting Employees of Law and Accounting Firms

GootLoader malware campaign now targets employees of law and accounting firms.
thehackernews.com thehackernews.com
 
  • Like
Reactions: Venustus, SeriousHoax, Gandalf_The_Grey and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,481
Detailed analysis of GootLoader (from previous campaigns):
news.sophos.com

“Gootloader” expands its payload delivery options

The Javascript-based infection framework for the Gootkit RAT increasingly delivers a wider variety of malware, including ransomware payloads, filelessly
news.sophos.com news.sophos.com

Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets - SentinelLabs

Gootloader expands its scope to target military, pharmaceutical and energy sectors, operating on an Initial Access As a Service model.
www.sentinelone.com www.sentinelone.com
 
Last edited:
  • Like
Reactions: SeriousHoax, Gandalf_The_Grey, Nevi and 1 other person
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
Malware News New GootLoader Malware Variant Evades Detection and Spreads Rapidly
Replies
0
Views
1,793
Security News
silversurfer
silversurfer
silversurfer
    • Like
    • +Reputation
HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack
Replies
1
Views
1,566
News Archive
[correlate]
[correlate]
silversurfer
    • Like
    • +Reputation
Qakbot Hackers Continue to Push Malware After Takedown Attempt
Replies
1
Views
1,205
News Archive
Shadowra
Shadowra

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top