
"'We're tracking Rhysida's current campaign leveraging malicious advertisements to deliver OysterLoader malware (also known as Broomstick and CleanUpLoader),' Expel threat intel analyst Aaron Walton said in a Friday blog. According to the managed detection and response firm, the OysterLoader campaign began in June and remains ongoing. 'We've seen new advertisements, new domains, and new malware as recently as this past Wednesday,' Walton told The Register."
"Rhysida operates as a ransomware-as-a-service (RaaS) model, with core developers providing malware tools and infrastructure to affiliates, who carry out attacks and take a share of the ransom profits. The group has been operating since at least 2021 as Vice Society (aka Vice Spider, Vanilla Tempest) and using various ransomware variants before rebranding as Rhysida in 2023 and using Rhysida ransomware in its attacks."
"Rhysida has posted 27 organizations on its data leak site since June, and around 200 since 2023. Its total victim count is likely higher, as the ones that end up on the leak site are those who did not pay the ransom demand. The gang's latest campaign uses malvertising to deliver OysterLoader, previously known as Broomstick and CleanUpLoader. With malvertising, the criminals buy search engine ads"
Rhysida places fake Microsoft Teams search ads to trick users into visiting malicious sites that deliver OysterLoader (aka Broomstick, CleanUpLoader). The OysterLoader malvertising campaign began in June and remains active, with new advertisements, domains, and malware observed. Rhysida also uses Latrodectus malware for initial network access. The group previously ran a Teams-impersonation campaign from May to September 2024. Rhysida operates as a ransomware-as-a-service operation, supplying malware and infrastructure to affiliates who carry out attacks and share ransom profits. The group has posted 27 organizations on its leak site since June and about 200 since 2023, and its overall victim count is likely higher.
Read at Theregister