Tor2Mine is up to their old tricks — and adds a few new ones

By Kendall McKay and Joe Marshall

THREAT SUMMARY

Cisco Talos has identified a resurgence of activity by Tor2Mine, a cryptocurrency mining group that was likely last active in 2018. Tor2Mine is deploying additional malware to harvest credentials and steal more money, including AZORult, an information-stealing malware; the remote access tool Remcos; the DarkVNC backdoor trojan; and a clipboard cryptocurrency stealer.
The actors are also using a new IP address and two new domains to carry out their operations.
The addition of new tactics, techniques, and procedures (TTPs) suggests Tor2Mine is seeking ways to diversify their revenue in a volatile cryptocurrency market.

What’s new?

Tor2Mine has traditionally been a cryptocurrency mining malware actor notorious for infecting victims with cryptominers that steal system resources to mine currency. In a new development, the Tor2Mine actors have incorporated additional malware into their operations, likely as a way to diversify revenue streams and stay relevant in a COVID-19 world where cryptocurrencies are fluctuating wildly.

So what?

Between January and June 2020, Cisco Talos observed resurgent activity from Tor2Mine, a profit-driven actor that remains active despite a global economic recession and volatile cryptocurrency market. To address these challenges, Tor2Mine, a group traditionally known to deliver cryptocurrency mining malware, has begun using additional malware to harvest victims’ credentials and steal more money. The addition of new TTPs, as well as the use of new infrastructure, highlights Tor2Mine’s resilience in a challenging threat environment. These developments also underscore threat actors’ persistence more broadly and should serve as a reminder that organizations must maintain heightened security at all times.

What makes the Tor2Mine group notable is their use of T ..