Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits

Nov. 6, 2024, 8:33 p.m.

Description

A large-scale phishing campaign deploying the latest version of Rhadamanthys stealer (0.7) has been discovered. The campaign, dubbed CopyRh(ight)adamantys, uses copyright infringement claims to target various regions globally. It impersonates numerous companies, mainly from Entertainment/Media and Technology/Software sectors, sending tailored emails to specific entities. The campaign's sophistication suggests the use of automation and possibly AI tools for lure distribution. The latest Rhadamanthys version claims to include AI-powered text recognition, though analysis reveals it uses older machine learning techniques typical of OCR software. The campaign's wide targeting and tactics indicate it's likely orchestrated by a financially motivated cybercrime group rather than a nation-state actor.

Date

Published: Nov. 6, 2024, 6:33 p.m.

Created: Nov. 6, 2024, 6:33 p.m.

Modified: Nov. 6, 2024, 8:33 p.m.

Attack Patterns

Rhadamanthys

T1012

T1552

T1497

T1087

T1573

T1518

T1082

T1083

T1071

T1055

T1134

T1204

T1132

T1027

T1112

T1056

T1001

T1566

T1059

Additional Informations

Technology

Entertainment

Media

United States of America