A new cyber campaign by the threat group CL-CRI-1014 is targeting African financial institutions, with the group acting primarily as an initial access broker. The attackers use open-source tools like PoshC2 and Classroom Spy to establish remote access and evade detection.
Key points
- The campaign has targeted financial organizations across Africa since 2023.
- The threat actors act as initial access brokers, selling access on the dark web.
- Tools like PoshC2, Chisel, PsExec, and Classroom Spy are used for deployment and control.
- Attackers create tunnels and remotely administer compromised systems to evade detection.
- They employ evasion techniques such as signing tools with stolen signatures and using legitimate icons.
Read More: https://www.infosecurity-magazine.com/news/hackers-financial-businesses-africa/