Fog ransomware hackers are utilizing an unusual combination of open-source tools and legitimate software, including Syteca, to conduct their attacks. This sophisticated toolkit helps them evade detection and carry out post-exploitation activities on victims' networks. #FogRansomware #Syteca #Stowaway #GC2 #Impacket
Key points
- The Fog ransomware group first gained access through compromised VPN credentials in May of last year.
- The attackers employed pass-the-hash tactics, disabled Windows Defender, and encrypted files post-intrusion.
- They exploited n-day flaws in Veeam Backup & Replication and SonicWall SSL VPN endpoints.
- The threat actor used uncommon tools like Syteca, Stowaway, GC2, Adapt2x C2, and PsExec during their operation.
- The use of legitimate and open-source utilities aids in evading detection and complicating incident response efforts.
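Two of the techniques named in the key points, disabling Windows Defender and pass-the-hash logons, leave traces in standard Windows event logs. The script below is an added example, not code from the article or from any of the tools it names: it runs two detection rules over a small constructed list of event records (dicts shaped like Windows Security and Defender Operational events) and returns alerts. The field names follow the Windows event schema; the event IDs (Defender 5001 and 5010, Security 4624) are Microsoft's documented IDs, while the pass-the-hash rules are community heuristics that need tuning against the local NTLM baseline.

```python
"""Detection rules for Defender tampering and pass-the-hash logons.

Added example: runs over constructed event dicts, not real telemetry.
In practice the dicts would come from a SIEM or Get-WinEvent output.
"""

from dataclasses import dataclass

# Provider and event IDs from Microsoft-Windows-Windows Defender/Operational.
DEFENDER_PROVIDER = "Microsoft-Windows-Windows Defender"
DEFENDER_TAMPER_IDS = {
    5001: "real-time protection disabled",
    5010: "antimalware scanning disabled",
}

# Security log: successful logon.
LOGON_SUCCESS = 4624


@dataclass
class Alert:
    rule: str
    host: str
    detail: str


def detect_defender_tampering(events):
    """Flag Defender Operational events that show protection being turned off."""
    alerts = []
    for ev in events:
        if ev.get("Provider") != DEFENDER_PROVIDER:
            continue
        reason = DEFENDER_TAMPER_IDS.get(ev.get("EventID"))
        if reason:
            alerts.append(Alert("defender_disabled", ev["Computer"],
                                f"EventID {ev['EventID']}: {reason}"))
    return alerts


def detect_pass_the_hash(events):
    """Two heuristics over 4624 events (tune both to the environment):

    1. Source host: LogonType 9 (NewCredentials) through logon process
       'seclogo' with auth package 'Negotiate' is the pattern left when a
       hash is injected into a fresh logon session.
    2. Target host: LogonType 3 (network) authenticated with NTLM by a named
       user where KeyLength is 0, i.e. no session key was negotiated.
    """
    alerts = []
    for ev in events:
        if ev.get("EventID") != LOGON_SUCCESS:
            continue
        logon_type = ev.get("LogonType")
        user = ev.get("TargetUserName", "")
        if (logon_type == 9
                and ev.get("LogonProcessName", "").lower() == "seclogo"
                and ev.get("AuthenticationPackageName") == "Negotiate"):
            alerts.append(Alert("pth_source", ev["Computer"],
                                f"NewCredentials logon via seclogo by {user}"))
        elif (logon_type == 3
                and ev.get("AuthenticationPackageName") == "NTLM"
                and user.upper() != "ANONYMOUS LOGON"
                and ev.get("KeyLength") == 0):
            alerts.append(Alert("pth_target", ev["Computer"],
                                f"NTLM network logon by {user} from "
                                f"{ev.get('IpAddress')} with KeyLength 0"))
    return alerts


# Constructed sample events (hostnames, users and IPs are made up).
SECURITY = "Microsoft-Windows-Security-Auditing"
SAMPLE_EVENTS = [
    {"Provider": DEFENDER_PROVIDER, "EventID": 5001, "Computer": "WS01"},
    {"Provider": DEFENDER_PROVIDER, "EventID": 1001, "Computer": "WS01"},  # benign: scan finished
    {"Provider": SECURITY, "EventID": 4624, "Computer": "WS01", "LogonType": 9,
     "LogonProcessName": "seclogo", "AuthenticationPackageName": "Negotiate",
     "TargetUserName": "svc_backup"},
    {"Provider": SECURITY, "EventID": 4624, "Computer": "FS01", "LogonType": 3,
     "LogonProcessName": "NtLmSsp", "AuthenticationPackageName": "NTLM",
     "TargetUserName": "svc_backup", "IpAddress": "10.0.0.25", "KeyLength": 0},
    {"Provider": SECURITY, "EventID": 4624, "Computer": "FS01", "LogonType": 3,
     "LogonProcessName": "Kerberos", "AuthenticationPackageName": "Kerberos",
     "TargetUserName": "alice", "IpAddress": "10.0.0.31", "KeyLength": 0},  # normal
]


def run(events=SAMPLE_EVENTS):
    """Run both rules and return the combined alert list."""
    return detect_defender_tampering(events) + detect_pass_the_hash(events)


if __name__ == "__main__":
    for alert in run():
        print(f"[{alert.rule}] {alert.host}: {alert.detail}")
```

Running the script prints one alert per rule hit on the sample set: the Defender 5001 event on WS01, the seclogo NewCredentials logon on WS01, and the NTLM KeyLength-0 network logon on FS01; the benign scan-finished event and the Kerberos logon produce nothing. The correlation worth adding in a real deployment is time proximity: a Defender tamper event followed within minutes by a pass-the-hash logon from the same host is a much stronger signal than either rule alone.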