Bluebottle Continues Bank Heist Assault With Signed Malware

Published: 23/11/2024   Category: security




The financially motivated threat group, also known as OPERA1ER, demonstrated an evolution in tactics in its compromise of three Francophone financial institutions in Africa, likely adding to its $11 million to-date haul.



A criminal group, which has already stolen nearly $11 million by specializing in targeted attacks against the financial sector, has French-speaking African banks in its crosshairs in a recent campaign that demonstrates an evolution in tactics, researchers have found.
Bluebottle, aka OPERA1ER, compromised three different financial institutions in three separate African nations between mid-July and September, affecting multiple machines in all three organizations, researchers from Symantec revealed in a blog post published on Jan. 5.
"Though it's unclear if the group was able to capitalize financially on the activity, it's significant because the different payloads and other tactics that Bluebottle used in the campaign vary from previous offensives by the group," Sylvester Segura, Symantec threat intelligence analyst, tells Dark Reading.
In particular, Bluebottle used commodity malware GuLoader and malicious ISO files in the initial stages of the attack — which it hasn't done before — as well as abused kernel drivers with a signed driver that has been linked to other attacks such as ransomware, Segura says.
"These all indicate the Bluebottle group is keeping up to date with the tools and techniques that other threat actors are currently using," he says. "They may not be the most advanced, but this latest activity proves they are following attacker trends in tooling and techniques."
Indeed, the use of signed drivers in particular shows that Bluebottle — a financially motivated group first observed in 2019 — is aiming to up its game in this latest spate of activity, forcing enterprises to do the same in terms of defensive maneuvers, Segura says.
"More and more less advanced attackers are aware of the impact they can have by disabling detection solutions through various means such as using signed drivers," he notes. "To prevent the trust we put in software like signed drivers from becoming a single point of failure, enterprises need to employ as many layers of detection and protection as they reasonably can."
