This analysis links a sophisticated cyber attack to three ransomware groups through the tools and tactics used. The attacker employed a range of malware, reconnaissance tools, and evasive techniques before exfiltrating data and preparing for ransomware deployment. #SectopRAT #Betruger #RansomHub #DragonForce #PlayRansomware
Key points
- The attack began with a malicious Office file disguised as a legitimate software application.
- The threat actor used multiple tools, such as SystemBC, PowerShell, and SharpHound, for reconnaissance and lateral movement.
- Betruger consolidated multiple pre-ransomware capabilities into a single backdoor to streamline attack processes.
- Defense evasion techniques such as timestomping, process injection, and spoofed binaries were extensively employed.
- The ultimate goal was data exfiltration and preparation for ransomware deployment, linked to three known ransomware groups.