The Interlock ransomware gang is deploying a new remote access trojan called NodeSnake to maintain persistent access to educational networks. This development indicates the gang's ongoing evolution; the trojan has capabilities for data exfiltration, process hacking, and real-time command execution.
Key points
- The Interlock gang launched in September 2024 and targets sectors including education and healthcare.
- NodeSnake is a new, actively developed RAT used in attacks on UK universities in early 2025.
- The malware employs obfuscation, encryption, and disguise techniques to evade detection and analysis.
- Attacks begin with phishing emails that lead to NodeSnake infections, establishing persistent access.
- Threat actors can execute commands, manipulate processes, and exfiltrate data through NodeSnake's capabilities.