Growing AceCryptor attacks in Europe
2024-03-20 11:00

ESET Research has recorded a considerable increase in AceCryptor attacks, with detections tripling between the first and second halves of 2023.

In recent months, researchers registered a significant change in how AceCryptor is used: the attackers spreading Rescoms started using AceCryptor, which they had not done before.

Based on the behavior of deployed malware, ESET researchers assume that these campaigns aimed to obtain email and browser credentials for further attacks against the targeted companies.

"In these campaigns, AceCryptor was used to target multiple European countries, and to extract information or gain initial access to multiple companies. Malware in these attacks was distributed in spam emails, which were in some cases quite convincing; sometimes the spam was even sent from legitimate, but abused, email accounts," says ESET researcher Jakub Kaloč, who discovered the latest AceCryptor with Rescoms campaign.

The AceCryptor samples the researchers observed in the second half of 2023 often contained two malware families as their payload: Rescoms and SmokeLoader.

It is unknown whether the credentials were gathered for the group that carried out these attacks or whether they would later be sold to other threat actors. Either way, it is certain that a successful compromise opens the possibility of further attacks, especially ransomware attacks.


News URL

https://www.helpnetsecurity.com/2024/03/20/acecryptor-attacks-increase/