by MTHULISI SIBANDA
JOHANNESBURG – FRENCH-speaking African countries are under threat from the Bluebottle cyber crime group.
The group is targeting companies in the financial sector with a combination of spear phishing attacks and malware centred around job opportunities.
Sergey Lozhkin, Lead Security Researcher at Kaspersky, said the Bluebottle crew is known for tricking victims into clicking on bad attachments that unleash malware like NanoCore RAT, Cybergate, Adwind, WSH-RAT and Houdini.
Bluebottle apparently has been operating for a while now, using Dynamic DNS services to control its command-and-control servers.
According to Kaspersky’s ‘Crimeware and Financial Cyberthreats in 2023’ report, it is critical for companies to look beyond threats facing traditional financial institutions.
Bluebottle reinforces this as it targets the financial sector in general.
Kaspersky statistics show multiple infections of GuLoader malware downloading various tools (CobaltStrike .NET loaders) in the Central African Republic (CAR) from August to October last year.
The cyber security company anticipates that an increasing number of Advanced Persistent Threat (APT) groups will move from CobaltStrike to other alternatives.
This can be attributed to the fact that CobaltStrike has gained significant attention from defenders, making it likely that attackers will switch to new alternatives such as Brute Ratel C4, Sliver, Manjusaka or Ninja.
Furthermore, given the current political climate, Kaspersky experts foresee a record number of disruptive and destructive cyber attacks this year, affecting both the government sector and key industries.
Companies have been advised to implement malware security protection measures.
“A robust antivirus software package is the primary component of technological defences for companies in the financial sector,” Lozhkin said.
– CAJ News