SocGholish's Intrusion Techniques Facilitate Distribution of RansomHub Ransomware

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

SocGholish, a malware-as-a-service framework, is being used to deploy RansomHub ransomware. It compromises legitimate websites and redirects visitors to fake browser-update pages that deliver malicious payloads. Its heavily obfuscated JavaScript loader evades detection and carries out a range of tasks, including reconnaissance, credential theft, and backdoor deployment. Water Scylla, the group behind this activity, collaborates with threat actors operating rogue Keitaro TDS instances for payload distribution. The attack chain spans multiple stages, from initial access through to ransomware deployment. SocGholish's versatile loader can download and execute malicious payloads, exfiltrate data, and run arbitrary commands. Recent detections show high activity in the US, primarily targeting government organizations.

OPENCTI LABELS:

backdoor, ransomware, socgholish, credential theft, javascript, ransomhub, compromised websites, keitaro tds
