There's a new player in the 'fake updates' arena. Thanks to @rmceoin for initially posting about it here.

Blog link: https://www.malwarebytes.com/blog/threat-intelligence/2023/07/socgholish-copycat-delivers-netsupport-rat

#FakeUpdates #FakeSG #SocGholish

FakeSG enters the 'FakeUpdates' arena to deliver NetSupport RAT

Over 5 years ago, we began tracking a new campaign that we called FakeUpdates (also known as SocGholish) that used compromised...

Malwarebytes

@jeromesegura Great write-up! I like the name. My script had a lame name, fakeupdate2.py. I'll be renaming that bad boy to fakesg.py!

BTW, I noticed that the various google-analytiks sites use Keitaro just like the normal SocGholish. Seems to be a fan favorite for TAs.

google-analytiks[.]com/admin/

@rmceoin the similarities are so striking. The blog does not cover any background intel on the threat actor, but I’m hoping others come forward with additional details.