CoralRaider attacks use CDN cache to push info-stealer malware

In an ongoing effort that targets systems in the United States, the United Kingdom, Germany, and Japan, a threat actor has been storing information-stealing malware in a content delivery network cache.

Researchers think CoralRaider, a financially motivated threat actor that targets social media accounts, financial information, and credentials, is responsible for the attack.

The hackers supply info stealers LummaC2, Rhadamanthys, and Cryptbot, which are sold on dark web forums by malware-as-a-service providers in exchange for a membership charge.

Cisco Talos determines that the campaign is a CoralRaider operation with a moderate degree of confidence based on common tactics, methods, and procedures (TTPs) with other assaults that the threat actor has been linked to.

The first attack vectors, the usage of intermediary PowerShell scripts for payload delivery and decryption read more CoralRaider attacks use CDN cache to push info-stealer malware.

Get up to date on the latest cybersecurity news and enhance your knowledge of cybersecurity with our thorough coverage of the dangers, breaches, and solutions.

Leave a Reply

Your email address will not be published. Required fields are marked *