"DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals"

Security researchers at WithSecure believe that Vietnam-based cybercriminals are behind attacks using DarkGate malware, which have targeted organizations in the UK, US, and India since 2018. They have tracked these attacks to an active cluster of cybercriminals using the Ducktail infostealer, which has been used in recent campaigns targeting Meta business accounts. The researchers linked the DarkGate and Ducktail campaigns based on observed non-technical indicators, including lure files, themes, targeting, and delivery methods. They also analyzed associated metadata, including LNK file metadata, PDFs created using the Canva design service/tool, and MSI files created using an unlicensed version of EXEMSI.

 

Infosecurity reports: "DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals"

Submitted by Adam Ekwall on