The Interlock ransomware group, active since September 2024, is utilizing a newly discovered remote access trojan (RAT) called NodeSnake, particularly targeting educational institutions. QuorumCyber's research reveals infections in UK universities as early as January and March 2025. NodeSnake employs deceptive tactics, masquerading as legitimate processes to maintain presence in networks. Its development is ongoing, as seen in the variations of malware samples. The group also uses phishing attacks and advanced evasion techniques, highlighting an increased threat that organizations, especially in education, must be prepared to combat.
The Interlock ransomware gang is using the unreported NodeSnake RAT targeting educational institutions for persistent network access, demonstrating its evolving threat to corporate security.
QuorumCyber's research shows NodeSnake being deployed against universities, indicating Interlock's ongoing attacks in 2025 and highlighting the need for vigilance against evolving ransomware tactics.
Collection
[
|
...
]