Sophos released the Sophos 2022 Threat Report, which highlights how ransomware’s black hole is attracting other cyberthreats to form one vast, linked ransomware delivery system, with serious ramifications for IT security.
Cybercriminals use a variety of techniques and attacks. Sometimes they want to be seen and to cause demonstrative damage, for example in Distributed Denial of Service (DDoS) attacks on websites. Sometimes they want to distract attention from other attacks, or just to test their skills, show their strength and make headlines.
Cobalt Strike use in malicious operations was largely associated with well-resourced threat actors, including large cybercrime operators like TA3546 (also known as FIN7) and advanced persistent threat (APT) groups such as TA423 (known as Leviathan or APT40).
Sophos researchers have named the platform “Gootloader.” Gootloader is actively delivering malicious payloads through tightly targeted operations in the US, Germany and South Korea. Previous campaigns also targeted internet users in France.