VayGren and Mr.Burns: Strong Ties in Finance

July 10, 2024, 10:18 a.m.

Description

F.A.C.C.T experts analyzed the tools and connections of cybercriminals attacking Russian accountants. An analysis of the infection chain of the VasyGrek attacker, his forum activity and connection with the malware developer Mr.Burns is presented. The history of Mr.Burns, starting in 2010, is given, as well as a description of the current version of the BurnsRAT malware, sold on forums and used in attacks on Russian companies.

Date

Published Created Modified
July 10, 2024, 9:49 a.m. July 10, 2024, 9:49 a.m. July 10, 2024, 10:18 a.m.

Indicators

Attack Patterns

Additional informations