"Gootloader Aims Malicious, Custom Bot Army at Enterprise Networks"

The Gootloader group is using GootBot, a new and destructive post-compromise tool that spreads bots throughout enterprise environments after initial infiltration. According to researchers with the IBM X-Force threat intelligence group, Gootloader has been active since 2014 and uses Search Engine Optimization (SEO) poisoning to trick victims into downloading infected business document templates for initial compromise. Gootloader has typically brokered that access to other threat groups, which then spread through the network using tools such as Cobalt Strike or Remote Desktop Protocol (RDP). The far more destructive GootBot post-compromise malware instead launches a bot army that is difficult to detect, because each bot is controlled by its own Command-and-Control (C2) server running on a compromised WordPress site rather than by shared, well-known infrastructure. This article continues to discuss Gootloader's post-compromise GootBot attacks.

Dark Reading reports "Gootloader Aims Malicious, Custom Bot Army at Enterprise Networks"

Submitted by grigby1