CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader

Cybersecurity experts have identified CountLoader, a sophisticated malware loader utilized by Russian ransomware groups to deploy tools like Cobalt Strike and PureHVNC RAT. The malware has multiple versions and is used in targeted phishing campaigns, mainly in Ukraine, to gain initial access and establish persistence. #CountLoader #LockBit #BlackBasta #Qilin #PureHVNC

Key points

  • CountLoader is an advanced malware loader used by Russian threat actors to facilitate post-exploitation activities.
  • The malware is available in .NET, PowerShell, and JavaScript versions, targeting Ukrainian individuals through phishing campaigns.
  • It can download and execute various payloads, collect system information, and establish persistence via scheduled tasks.
  • The malware infrastructure involves over 20 domains and supports tools like Cobalt Strike and PureHVNC RAT.
  • Russian ransomware groups show interconnected operations, often sharing tools and human resources regardless of specific malware brands.

Read More: https://thehackernews.com/2025/09/countloader-broadens-russian-ransomware.html