"GhostSec Evolves With Website Compromise Tools"

According to security researchers at Cisco Talos, the hacking group GhostSec has significantly increased its malicious activities over the past year.  This surge includes the emergence of GhostLocker 2.0, a new variant of ransomware developed by the group using the Golang programming language.  The researchers noted that GhostSec, in collaboration with the Stormous ransomware group, has been conducting double extortion ransomware attacks across multiple countries and business sectors.  Additionally, they have launched a ransomware-as-a-service (RaaS) program called STMX_GhostLocker, offering various options for affiliates.  The researchers noted that they recently uncovered two new tools in GhostSec’s arsenal: the “GhostSec Deep Scan tool” and “GhostPresser,” both likely utilized in attacks against websites.  These tools enable the scanning of legitimate websites and the execution of cross-site scripting (XSS) attacks, respectively.  The joint operations of GhostSec and Stormous have affected victims globally, including in Cuba, Argentina, Poland, China, and Israel, among others.  The researchers stated that the groups have targeted various industries, mainly technology and education. 

Infosecurity Magazine reports: "GhostSec Evolves With Website Compromise Tools"