GootLoader Hackers Targeting Employees of Law and Accounting Firms

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,176
Content source
https://thehackernews.com/2022/01/gootloader-hackers-targeting-employees.html
Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets.

"GootLoader is a stealthy initial access malware, which after getting a foothold into the victim's computer system, infects the system with ransomware or other lethal malware," researchers from eSentire said in a report shared with The Hacker News. The cybersecurity services provider said it intercepted and dismantled intrusions aimed at three law firms and an accounting enterprise. The names of the victims were not disclosed.
Click to expand...
"GootLoader relies heavily on social engineering to establish its foothold, from poisoning Google search results to fashioning the payload," said Keegan Keplinger, research and reporting lead for eSentire's Threat Response Unit (TRU). "GootLoader's operators invite employees to seek, download, and execute their malware under the guise of a free business agreement template. This is particularly effective against legal firms, who may encounter uncommon requests from clients."
Click to expand...
thehackernews.com

GootLoader Hackers Targeting Employees of Law and Accounting Firms

GootLoader malware campaign now targets employees of law and accounting firms.
thehackernews.com thehackernews.com
 
  • Like
Reactions: Venustus, SeriousHoax, Gandalf_The_Grey and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
Detailed analysis of GootLoader (from previous campaigns):
news.sophos.com

“Gootloader” expands its payload delivery options

The Javascript-based infection framework for the Gootkit RAT increasingly delivers a wider variety of malware, including ransomware payloads, filelessly
news.sophos.com news.sophos.com

Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets - SentinelLabs

Gootloader expands its scope to target military, pharmaceutical and energy sectors, operating on an Initial Access As a Service model.
www.sentinelone.com www.sentinelone.com
 
Last edited:
  • Like
Reactions: SeriousHoax, Gandalf_The_Grey, Nevi and 1 other person
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
Malware News New GootLoader Malware Variant Evades Detection and Spreads Rapidly
Replies
0
Views
1,572
Security News
silversurfer
silversurfer
silversurfer
    • Like
    • +Reputation
HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack
Replies
1
Views
1,408
News Archive
[correlate]
[correlate]
silversurfer
    • Like
    • +Reputation
Qakbot Hackers Continue to Push Malware After Takedown Attempt
Replies
1
Views
1,012
News Archive
Shadowra
Shadowra

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top