Suspected CoralRaider continues to expand victimology using three information stealers

By Joey Chen, Chetan Raghuprasad and Alex Karkins.
* Cisco Talos discovered a new ongoing campaign since at least February 2024, operated by a threat actor distributing three famous infostealer malware, including Cryptbot, LummaC2 and Rhadamanthys.
* Talos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass

Cisco Talos Blog
We have new research on the #CoralRaider APT out this morning. They've added three new information-stealing #Malware families to their arsenal, allowing them to expand the geographies they target https://blog.talosintelligence.com/suspected-coralraider-continues-to-expand-victimology-using-three-information-stealers/

⚠️ Vietnamese hacking group, #CoralRaider, targets multiple Asian countries with data-stealing malware, stealing credentials & financial data to sell on underground markets.

https://thehackernews.com/2024/04/vietnam-based-hackers-steal-financial.html

#cybersecurity #hacking

Vietnam-Based Hackers Steal Financial Data Across Asia with Malware

CoralRaider, a suspected Vietnamese threat actor, has been on the prowl since May 2023, targeting Asia and Southeast Asia with malware aimed at steali

The Hacker News

Cisco Talos discloses a new Vietnamese financially-motivated actor dubbed CoralRaider, targeting victims in several Asian and Southeast Asian countries since at least 2023. They focus on stealing victims’ credentials, financial data, and social media accounts, including business and advertisement accounts. Known malware used are a QuasarRAT variant called RotBot, and XClient stealer. TTPs include abusing a legitimate service to host the C2 configuration file and uncommon living-off-the-land binaries (LoLBins), including Windows Forfiles.exe and FoDHelper.exe. IOC provided. 🔗 https://blog.talosintelligence.com/coralraider-targets-socialmedia-accounts/

#CoralRaider #Vietnam #cybercrime #threatintel #IOC #QuasarRAT #RotBot #XClient #LoLBin

CoralRaider targets victims’ data and social media accounts

Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries.

Cisco Talos Blog
New research out this morning on a new APT from Vietnam we're calling #CoralRaider. It's out to steal important login credentials, banking information and take over targets' social media accounts https://blog.talosintelligence.com/coralraider-targets-socialmedia-accounts/