A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection. GootLoader is a stealthy malware classified as a first-stage downloader designed to attack Windows-based systems. It is considered an Initial-Access-as-a-Service (IAaaS) tool used within a ransomware-as-a-service (RaaS) criminal business model. The GootLoader group's introduction of their custom bot into the late stages of their attack chain is an at
seo (3)
The Healthcare and Public Health (HPH) sector issued a warning on 22 June regarding SEO poisoning. Search engine optimization (SEO) poisoning, considered a type of malvertising (malicious advertising), is a technique used by threat actors to increase the prominence of their malicious websites, making them look more authentic to consumers. SEO poisoning tricks the human mind, which naturally assumes the top hits are the most credible, and is very effective when people fail to look closely at the
The operators of the GootLoader campaign are targeting employees of accounting and law firms as part of a renewed cyberattack effort to deploy malware on infected systems. This is an unfortunate sign that the adversary is expanding its focus to other high-value targets. The Gootkit malware family has been around for five years or more and is used to distribute code such as ransomware, which can encrypt the files on a Windows computer and release them only once a ransom is paid.
Gootloader