GrayAlpha Exposed: Deploys Malware via Infection Vectors

Experts from Insikt Group have found new infrastructure linked with GrayAlpha, a cybercrime gang overlapping with the financially motivated group called FIN7. FIN7 has been active in cybercrime since 2013 and is known as one of the most infamous and technologically advanced cybercrime groups worldwide. “The group is organized like a professional business, with compartmentalized teams handling malware development, phishing operations, money laundering, and management,” reports Insikt Group.

The discovered infrastructure comprises domains used for distributing payloads and additional IP addresses linked to GrayAlpha. Insikt Group found a custom PowerShell loader called PowerNet, which decompresses and launches NetSupport RAT. Insikt Group also discovered another custom loader called MaskBat, which shares similarities with FakeBat but is concealed and contains strings linked to GrayAlpha.

The experts discovered three primary infection techniques:

  1. Traffic distribution system (TDS) Tag-124
  2. Fake 7-Zip download site
  3. Fake browser update pages

All three infection vectors were used simultaneously, and a detailed analysis by the experts identified an individual alleged to be a member of the GrayAlpha operation.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
