
Cybercriminals Abuse Open-Source Tools To Target Africa's Financial Sector

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A series of attacks targeting financial organizations across Africa has been observed since July 2023. The threat actor, tracked as CL-CRI-1014, uses open-source and publicly available tools like PoshC2, Chisel, and Classroom Spy to establish attack frameworks, create tunnels for network communication, and perform remote administration. They forge file signatures to disguise their toolset and mask malicious activities. The attackers are suspected to be acting as initial access brokers, creating footholds in financial institutions to sell access on darknet markets. Their playbook includes lateral movement techniques such as creating remote services, executing through DCOM, and using PsExec. The threat actor also employs evasion methods like using packers and signing tools with stolen signatures.

OPENCTI LABELS:

lateral movement, chisel, poshc2, financial sector


Open in the NetmanageIT OpenCTI public instance with the link below.


NOTE: Use the public read-only username and password shown in the login page banner.


Cybercriminals Abuse Open-Source Tools To Target Africa's Financial Sector