Spacecolon Toolset Fuels Global Surge in Scarab Ransomware Attacks
2023-08-23 09:34

A malicious toolset dubbed Spacecolon is being deployed as part of an ongoing campaign to spread variants of the Scarab ransomware across victim organizations globally.

The Slovak cybersecurity firm, which dubbed the threat actor CosmicBeetle, said the origins of Spacecolon date back to May 2020.

While the exact provenance of the adversary is unclear, several Spacecolon variants are said to contain Turkish strings, likely pointing to the involvement of a Turkish-speaking developer.

The primary component of Spacecolon is ScHackTool, a Delphi-based orchestrator that's used to deploy an installer, which, as the name implies, installs ScService, a backdoor with features to execute custom commands, download and execute payloads, and retrieve system information from compromised machines.

The ultimate goal of the attacks is to leverage the access afforded by ScService to deliver a variant of the Scarab ransomware.

CosmicBeetle's financial motives are further bolstered by the fact that the ransomware payload also drops a clipper malware to keep tabs on the system clipboard and modify cryptocurrency wallet addresses to those under the attacker's control.


News URL

https://thehackernews.com/2023/08/spacecolon-toolset-fuels-global-surge.html