| Category | Details |
|---|---|
| Threat Actors | Ramnit Gang |
| Campaign Overview | Ongoing campaigns targeting e-commerce brands and hospitality giants, particularly during the holiday shopping season. |
| Target Regions (or Victims) | North America, Europe, and Australia. Targets include consumers, e-commerce platforms, hospitality services, and recruitment sites. |
| Methodology | - Web injections to steal credentials and payment card details. - Delivery through malicious macros in booby-trapped files. - Uses obfuscated scripts. |
| Product Targeted | Payment card data, e-commerce accounts, and online banking credentials. |
| Malware Reference | Ramnit, a banking Trojan active since 2010, leveraging Zeus Trojan code for web injections. |
| Tools Used | - External web injection scripts from C2 servers. - Booby-trapped productivity files with malicious macros. |
| Vulnerabilities Exploited | Not directly mentioned; relies on social engineering and malicious macros to infect devices. |
| TTPs | - Credential and payment data theft via real-time web injections. - C2 communication for script injections. - Blocking access to security sites. |
| Attribution | IBM X-Force research indicates Ramnit is operated by the same gang since its inception. |
| Recommendations | - Monitor and block traffic to malicious domains. - Educate users about phishing and macro-based attacks. - Deploy endpoint protection tools. |
| Source | Security Intelligence |
Disclaimer: The above summary has been generated by an AI language model.