LUNAR SPIDER Enabling Ransomware Attacks on Financial Sector with Brute Ratel C4 and Latrodectus
Oct. 31, 2024, 8 p.m.
Description
LUNAR SPIDER, a Russian-speaking, financially motivated threat group, has resumed operations following law enforcement disruptions. The group has shifted from IcedID to the Latrodectus and Brute Ratel C4 malware families, targeting financial services through SEO-poisoning malvertising campaigns. It maintains affiliations with ransomware operators such as ALPHV/BlackCat, sharing infrastructure and tools. LUNAR SPIDER's adaptability is evident in its use of more than 200 pieces of malicious infrastructure across different malware families. Its latest campaign employed obfuscated JavaScript to deliver Brute Ratel C4, which then established persistence and command-and-control communication.
Date
Published: Oct. 31, 2024, 8:23 a.m.
Created: Oct. 31, 2024, 8:23 a.m.
Modified: Oct. 31, 2024, 8 p.m.
Attack Patterns
Latrodectus
Brute Ratel C4
IcedID - S0483
LUNAR SPIDER
T1547.001
T1573
T1105
T1071
T1102
T1204
T1027
T1566
T1190
T1059
Additional Information
Finance
Russian Federation