One Article Review

Source: Fortinet ThreatSignal
Identifier: 4327837
Publication date: 2022-03-23 00:30:55 (viewed: 2022-03-23 08:05:32)
Title: GIMMICK Implant Used by StormCloud APT Targeting Users in Asia
Text: FortiGuard Labs is aware of a new variant of the GIMMICK malware that is targeting Asian users. Discovered by researchers at Volexity, the GIMMICK implant has been attributed to the StormCloud APT group. According to the report, GIMMICK variants for both macOS and Windows environments were seen. It has also been observed using file-based command and control, specifically Google Cloud. GIMMICK has been attributed to nation-state actors operating out of China.

What is GIMMICK?
GIMMICK is an implant similar to a remote access trojan (RAT) that allows the attacker to perform various instructions on the victim machine to further lateral movement. What makes it different from a RAT is that it is asynchronous in nature, moves in a predefined pattern and does not really rely on an attacker to control it. Once the implant is run, it follows a set of steps to further lateral movement and stores all information in a set of directories. Once these steps are completed, the exfiltrated data is automatically uploaded to a predefined C2 server hosted on Google Drive. This allows the implant to go undetected, as traffic to Google Drive would be considered clean rather than malicious traffic.

What Operating Systems are Affected?
macOS and Windows platforms.

Is GIMMICK Attributed to any other Groups?
No. GIMMICK appears to be attributed to StormCloud only.

What is the Status of Coverage?
FortiGuard Labs has AV coverage in place. Customers running the latest definitions are protected by the following (AV) signature:
OSX/Gimmick.A!tr
Sent: Yes
Tags: Malware


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.