Updated Shadowpad Malware Leads to Ransomware Deployment
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A recent investigation revealed Shadowpad malware being used to deploy a new ransomware family in Europe. The threat actor targeted 21 companies across 15 countries, primarily in the manufacturing sector. Access was gained through remote network attacks, exploiting weak passwords and bypassing multi-factor authentication. The Shadowpad malware showed enhancements in anti-debugging techniques and encryption methods. Unusually, a previously unreported ransomware was deployed in some cases, mimicking the appearance of Kodex Evil Extractor but with different functionality. The attackers also used tools like CQHashDumpv2 and Impacket for post-exploitation activities. While attribution remains uncertain, there are weak links to the Teleboyi threat actor.
OPENCTI LABELS:
ransomware,plugx,shadowpad,impacket,manufacturing,anti-debugging,dns over https,multi-factor authentication bypass,remote network attacks,intellectual property theft,cqhashdumpv2