
LUNAR SPIDER Enabling Ransomware Attacks on Financial Sector with Brute Ratel C4 and Latrodectus

Oct. 31, 2024, 8 p.m.

Description

LUNAR SPIDER, a Russian-speaking, financially motivated threat group, has resumed operations following law enforcement disruptions. The group has shifted from IcedID to Latrodectus and Brute Ratel C4, targeting financial services through SEO poisoning and malvertising campaigns. It maintains affiliations with ransomware operators such as ALPHV/BlackCat, sharing infrastructure and tooling with them. Its adaptability is evident in the more than 200 pieces of malicious infrastructure it has operated across different malware families. The latest campaign used obfuscated JavaScript to deliver Brute Ratel C4, which then established persistence and command-and-control communication.

Date

Published: Oct. 31, 2024, 8:23 a.m.

Created: Oct. 31, 2024, 8:23 a.m.

Modified: Oct. 31, 2024, 8 p.m.

Attack Patterns

Latrodectus

Brute Ratel C4

IcedID - S0483

LUNAR SPIDER

Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder - T1547.001

Encrypted Channel - T1573

Ingress Tool Transfer - T1105

Application Layer Protocol - T1071

Web Service - T1102

User Execution - T1204

Obfuscated Files or Information - T1027

Phishing - T1566

Exploit Public-Facing Application - T1190

Command and Scripting Interpreter - T1059
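The persistence technique listed above (T1547.001, Registry Run keys) combined with script-interpreter execution (T1059) is something a SOC can hunt for directly in endpoint telemetry. The following is an added example, not code from this pulse or from the underlying report: it runs a simple detection over constructed Sysmon Event ID 13 (RegistryEvent, Value Set) records written in a simplified "Field: value|Field: value" form. The field names follow Sysmon's schema, but the hostnames, SIDs, paths and value data are invented for illustration and are not indicators from the campaign.

```python
"""Hunt for Run/RunOnce values that launch a script host or point at a
user-writable path (T1547.001 persistence paired with T1059 execution).

Added example; the events below are constructed, not real telemetry.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Autostart keys covered by T1547.001 (HKLM, HKCU/HKU and Wow6432Node variants
# all end with this suffix, so the key prefix is deliberately not anchored).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)", re.IGNORECASE
)
# Built-in hosts commonly used to launch obfuscated scripts or side-loaded DLLs.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "rundll32.exe", "regsvr32.exe")
# Locations a standard user can write to; legitimate Run values rarely live here.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData\\(Local|Roaming)|Temp|Downloads|ProgramData|Public)\\",
    re.IGNORECASE,
)
SCRIPT_EXT_RE = re.compile(r"\.(js|jse|vbs|vbe|hta|wsf)\b", re.IGNORECASE)


@dataclass
class Finding:
    host: str
    target: str      # registry value that was set
    details: str     # data written to the value
    reasons: tuple   # which heuristics fired


def parse_event(line: str) -> dict:
    """Parse a 'Field: value|Field: value' record into a dict."""
    fields = {}
    for part in line.split("|"):
        if ":" in part:
            key, value = part.split(":", 1)
            fields[key.strip()] = value.strip()
    return fields


def analyze_run_key_event(event: dict) -> Optional[Finding]:
    """Return a Finding when a Run/RunOnce value is set to suspicious data."""
    if event.get("EventID") != "13":
        return None
    target = event.get("TargetObject", "")
    if not RUN_KEY_RE.search(target):
        return None
    details = event.get("Details", "")
    lowered = details.lower()
    reasons = []
    if any(host in lowered for host in SCRIPT_HOSTS):
        reasons.append("script-host-in-run-value")
    if USER_WRITABLE_RE.search(details):
        reasons.append("user-writable-path")
    if SCRIPT_EXT_RE.search(details):
        reasons.append("script-file-extension")
    if not reasons:
        return None
    return Finding(event.get("Computer", "?"), target, details, tuple(reasons))


def hunt(lines) -> list:
    """Run the analyzer over raw records and keep only the findings."""
    return [f for f in (analyze_run_key_event(parse_event(l)) for l in lines) if f]


# Constructed sample records (hosts, SIDs and paths are invented).
SAMPLE_EVENTS = [
    # Benign: signed Windows component registered under HKLM Run.
    r'EventID: 13|Computer: WS-FIN-07|TargetObject: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth|Details: %windir%\system32\SecurityHealthSystray.exe',
    # Suspicious: wscript launching a .js file from the user's roaming profile.
    r'EventID: 13|Computer: WS-FIN-07|TargetObject: HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater|Details: wscript.exe //B "C:\Users\jdoe\AppData\Roaming\Updater\update.js"',
    # Not a Run key: Shell Folders change, out of scope for this rule.
    r'EventID: 13|Computer: WS-FIN-07|TargetObject: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup|Details: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup',
    # Wrong event type: process creation, ignored even though it mentions a Run key.
    r'EventID: 1|Computer: WS-FIN-07|CommandLine: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run',
    # Suspicious: rundll32 loading a DLL from ProgramData via RunOnce.
    r'EventID: 13|Computer: WS-FIN-12|TargetObject: HKU\S-1-5-21-2000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Cleanup|Details: rundll32.exe C:\ProgramData\cache\lib.dll,Entry',
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(f"{finding.host}: {finding.target} -> {finding.details} [{', '.join(finding.reasons)}]")
```

The three heuristics are intentionally independent so that a single one (for instance a script host with a path under Program Files) still surfaces the event; tune the user-writable path list to your estate, since some legitimate updaters do register from ProgramData.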

Additional Information

Finance

Russian Federation