Russian hackers attack remote US workers with ransomware

As well as the good guys using the bad guys’ tools, the bad guys also use the good guys’ stuff. Your red team should use CobaltStrike and take notice of what the test tells you before the bad guys do..:

[…] ‘WastedLocker’ is a relatively new breed of targeted ransomware and has been attributed to the notorious ‘Evil Corp’ cyber crime outfit from Russia.

Two Russian men who are alleged to be involved in the group have open indictments against them in the US.

The attacks begin with a malicious JavaScript-based framework known as SocGholish, tracked to more than 150 compromised websites, which masquerades as a software update.

Once the attackers gain access to the victim’s network, they use ‘Cobalt Strike’ commodity malware to steal credentials and move across the network in order to deploy the WastedLocker ransomware on multiple computers.


Original article here