Researchers uncover DarkGate malware’s Vietnamese connection
2023-10-20 10:58

WithSecure researchers have tracked attacks using DarkGate malware to an active cluster of cybercriminals operating out of Vietnam.

DarkGate is a remote access trojan that has been used in attacks since at least 2018 and is currently available to cybercriminals as Malware-as-a-Service.

WithSecure researchers began their investigation into DarkGate after detecting multiple infection attempts against organizations in the UK, US, and India.

Based on non-technical indicators, such as lure files, themes, targeting, and delivery methods, researchers were able to tie these attempted attacks back to the same threat actors using the Ducktail infostealer that WithSecure researchers have been tracking for approximately the last year and a half.

"The DarkGate attacks we observed have very strong identifiers, identifiers which allowed us to establish links between these attacks and others we've seen using different infostealers and malware, including Ducktail. Based on what we've observed, it is very likely that a single actor is behind several of the campaigns we've been tracking that target Meta Business accounts," said WithSecure Senior Threat Intelligence Analyst Stephen Robinson.

Other types of malware that researchers tied to the same threat actors include Ducktail, Lobshot, and Redline Stealer.


News URL

https://www.helpnetsecurity.com/2023/10/20/darkgate-malware/