Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems

By Jindrich Karasek (Threat Researcher)


As we’ve observed with cybercriminal groups that aim to maximize profits for every campaign, silence doesn’t necessarily mean inactivity. It appears hacking group Outlaw, which has been silent for the past few months, was simply developing their toolkit for illicit income sources. While they have been quiet since our June analysis, we observed an increase in the group’s activities in December, with updates on the kits’ capabilities reminiscent of their previous attacks. The updates expanded scanner parameters and targets, looped execution of files via error messages, improved evasion techniques for scanning activities, and improved mining profits by killing off both the competition and their own previous miners.


We analyzed the kits, which were designed to steal information from the automotive and finance industries, launch subsequent attacks on already compromised systems, and (possibly) sell stolen information. Comparing this development to their previous attacks, we think Outlaw may be aiming to go after enterprises that have yet to update their systems, assessing the security posture of and changes on their previously infected hosts, finding new and old targets, and possibly testing their updates in the wild. We will continue to observe the group’s activities as they target industries in the United States and Europe. Based on the samples we collected and traced to 456 distinct IPs, and the changes we observed across the versions we acquired, we expect the group to be more active in the coming months.


Routine


These new samples targeted Linux- and Unix-based operating systems, vulnerable servers, and internet of things (IoT) devices by exploiting known vulnerabilities with available exploits. T ..
