Infosecurity Magazine, News, 2020-02-07
Gorgon Group Grows More Sophisticated

New research has revealed that the threat group behind the cryptocurrency-stealing MasterMana botnet has grown increasingly sophisticated and is now trapping victims through spoofed login portals.

Gorgon Group has been observed targeting the European Union as well as DEWA, Dubai's main electricity and water utility, with highly convincing fake login pages.

The illicit activity was detected by researchers at cyber-intelligence firm Prevailion, who published a report yesterday on the growing threat posed by Gorgon Group.

In another newly detected campaign, researchers observed Gorgon Group using a clever social engineering scheme targeting Spanish/Portuguese speakers with typo-squatted hotel websites and spoofed reservation confirmations.

Historically, the group has relied on cheap malware obtained via the dark web to orchestrate their dastardly scams, but researchers say that Gorgon Group is now developing and customizing these tools to become even more dangerous.

"I am surprised at the level of sophistication that this group has shown over the past year," Prevailion's director of intelligence analysis, Danny Adamitis, told Infosecurity Magazine. "During this time, they have taken a number of steps in order to increase their operational security both against network and host-based detection.

"One example is their use of the new 'office.dll' that would elevate the actor’s privilege level and then disable Windows Defender. Another example is the actor going back and modifying an old Pastebin post in order to make tracking their activity more difficult."

Along with the new "office.dll," Gorgon Group has rolled out a variant of the NJrat trojan and a new, trojanized PowerPoint file, as well as a downloader that references the lyrics of rapper Drake.

Adamitis, whose favorite Drake track is "God's Plan," said it was difficult to predict how the threat group would evolve.

He said: "Unfortunately we don't have enough data at this time to make any sound conclusions about their intent."

Where Gorgon Group operates from is not currently known, though Adamitis speculates that the group is based in Pakistan.

Adamitis said: "We have observed some Gorgon Group activity occurring from Pakistani-based IP addresses; however, IP addresses can be spoofed. We do not have enough evidence at this time to make any definitive comments on attribution."
