InvisiMole Group Resurfaces Touting Fresh Toolset, Gamaredon Partnership
2020-06-18 09:30

The InvisiMole threat group has resurfaced in a new campaign, revealing a new toolset and a strategic collaboration with the high-profile Gamaredon advanced persistent threat group.

The updated InvisiMole toolset relies heavily on "living off the land" techniques across its four different execution chains, abusing legitimate applications to perform malicious operations while flying under the radar.

The updated InvisiMole toolset also features a new component that uses DNS tunneling for stealthier command-and-control communication.

During their investigation, researchers found attempts to deploy the InvisiMole malware using server infrastructure that is known to be used by Gamaredon.

Researchers believe that, in its partnership with InvisiMole, Gamaredon plays a role in initially infiltrating networks of interest using simple tools, and possibly gaining administrative privileges.


News URL

https://threatpost.com/invisimole-resurfaces-gamaredon-partnership/156674/