PureCrypter malware hits govt orgs with ransomware, info-stealers

Gandalf_The_Grey

Gandalf_The_Grey

Level 73
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,216
Content source
https://www.bleepingcomputer.com/news/security/purecrypter-malware-hits-govt-orgs-with-ransomware-info-stealers/
A threat actor has been targeting government entities with PureCrypter malware downloader that has been seen delivering multiple information stealers and ransomware strains.

Researchers at Menlo Security discovered that the threat actor used Discord to host the initial payload and compromised a non-profit organization to store additional hosts used in the campaign.

"The campaign was found to have delivered several types of malware including Redline Stealer, AgentTesla, Eternity, Blackmoon and Philadelphia Ransomware," the researchers say.

According to the researchers, the observed PureCrypter campaign targeted multiple government organization in the Asia-Pacific (APAC) and North America regions.
Click to expand...
The attack begins with an email that has a Discord app URL pointing to a PureCrypter sample in a password-protected ZIP archive.

PureCrypter is a .NET-based malware downloader first seen in the wild in March 2021. Its operator rents it to other cybercriminals to distribute various types of malware.

When executed, it delivers the next-stage payload from a command and control server, which is the compromised server of a non-profit organization in this case.

The sample that the researchers at Menlo Security analyzed was AgentTesla. When launched, it establishes a connection to a Pakistan-based FTP server that is used to receive the stolen data.

The researchers found that the threat actors used leaked credentials to take control of the particular FTP server rather than setting it up their own, to reduce identification risks and minimize their trace.
Click to expand...
www.bleepingcomputer.com

PureCrypter malware hits govt orgs with ransomware, info-stealers

A threat actor has been targeting government entities with PureCrypter malware downloader that has been seen delivering multiple information stealers and ransomware strains.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: Dave Russo, Viking, Berny and 6 others
D

Dave Russo

Level 19
Verified
Top Poster
May 26, 2014
924
I saw in the article the chain of attack, e-mail, download, password protected zip. Does someone have to type this password in, (which would allow virus to be human error ?)
 

Attachments

  • 1677411165570.png
    1677411165570.png
    94.5 KB · Views: 42
  • Like
Reactions: Gandalf_The_Grey
You must log in or register to reply here.

Similar threads

BryanB
    • Like
    • +Reputation
Custom malware ( Screentime ) hits your device with specially designed attacks
Replies
1
Views
457
News Archive
Kuttz
Kuttz
Gandalf_The_Grey
    • Like
    • +Reputation
    • Love
Fake ransomware gang targets U.S. orgs with empty data leak threats
Replies
0
Views
703
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
silversurfer
    • Like
    • +Reputation
Verblecon malware loader used in stealthy crypto mining attacks
Replies
0
Views
773
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top