Fog Ransomware: Unusual Toolset Used in Recent Attack

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY :

A May 2025 ransomware attack on an Asian financial institution used the Fog ransomware alongside an atypical toolset. The attackers deployed the legitimate employee monitoring software Syteca and open-source pentesting tools such as GC2, Adaptix, and Stowaway. Notably, they established persistence after deploying the ransomware, suggesting potential espionage motives. The attack lasted two weeks before ransomware deployment. Fog ransomware, first documented in May 2024, initially targeted U.S. educational institutions. The attackers used various tools for lateral movement, data theft, and command execution. The unusual toolset and the persistence behavior set this attack apart from typical ransomware operations, hinting at possible dual objectives of espionage and financial gain.

OPENCTI LABELS :

fog,persistence,fog ransomware,cve-2024-40711,asia,unusual toolset,employee monitoring software,financial institution,pentesting tools

