Hackers fork open-source reverse tunneling tool for persistence
Security experts have spotted an interesting case of a suspected ransomware attack that employed custom-made tools typically used by APT (advanced persistent threat) groups.
Although no concrete connection between groups has been uncovered, the operational tactics, targeting scope, and malware customization capabilities signify a potential connection.
As detailed in a report sent to Bleeping Computer by Security Joes, the threat actors were observed in an attack against one of its clients in the gambling/gaming industry, where a mix of custom-made and readily available open-source tools was used.
The most notable cases are a modified version of Ligolo, a reverse tunneling utility that's freely available for pentesters on GitHub, and a custom tool to dump credentials from LSASS....