New SharpRhino RAT Targets IT Pros with Ransomware – Stay Alert!

Hunters International Deploys SharpRhino RAT to Target IT Professionals

Introduction

In the rapidly evolving landscape of cyber threats, Hunters International has emerged as a significant player, deploying a new remote access trojan (RAT) known as SharpRhino. This sophisticated malware targets IT professionals by masquerading as a widely-used network scanning tool, Angry IP Scanner. By exploiting typosquatting domains, the group aims to compromise systems with high privileges, posing a serious threat to corporate networks.

Delivery Mechanism

Technical Details

The installation package includes a self-extracting, password-protected 7z archive containing additional files necessary for the malware to function. Upon execution, the malware performs the following actions:

• Registry Modification: Ensures persistence by altering registry settings.
• Directory Creation: Establishes directories for C2 communication, enhancing resilience against detection and removal.
• PowerShell Execution: Uses PowerShell scripts to compile C# code in memory, enabling the execution of various commands, including deploying ransomware payloads.
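The two behaviours listed above, in-memory C# compilation and registry persistence, both leave traces in PowerShell script block logging (Event ID 4104). The following is an added example, not code from the original write-up or from any vendor tooling, that scores constructed script-block texts for those two indicators; the record shape, the regexes, and the sample entries are all assumptions for this demo.

```python
"""Score PowerShell script-block log text for in-memory C# compilation
and Run-key persistence. Sample records below are constructed, not real."""
import re
from dataclasses import dataclass, field

# Heuristics for the behaviours described in the write-up.
IN_MEMORY_CSHARP = [
    re.compile(r"Add-Type\b[^\n]*-TypeDefinition", re.I),          # compile C# source at runtime
    re.compile(r"CSharpCodeProvider|CompileAssemblyFromSource", re.I),
]
REGISTRY_PERSISTENCE = [
    re.compile(r"(?:Set|New)-ItemProperty[^\n]*CurrentVersion\\Run", re.I),
    re.compile(r"\breg(?:\.exe)?\s+add\b[^\n]*CurrentVersion\\Run", re.I),
]

@dataclass
class Finding:
    record_id: str
    indicators: list = field(default_factory=list)

def scan_script_block(record_id: str, script: str) -> Finding:
    """Return the indicators present in one script-block (Event ID 4104) text."""
    finding = Finding(record_id)
    if any(p.search(script) for p in IN_MEMORY_CSHARP):
        finding.indicators.append("in_memory_csharp_compile")
    if any(p.search(script) for p in REGISTRY_PERSISTENCE):
        finding.indicators.append("registry_run_key_persistence")
    return finding

def triage(records):
    """Escalate records showing both behaviours; queue single hits for review."""
    escalate, review = [], []
    for record_id, text in records:
        finding = scan_script_block(record_id, text)
        if len(finding.indicators) == 2:
            escalate.append(finding)
        elif finding.indicators:
            review.append(finding)
    return escalate, review

# Constructed sample script blocks (hypothetical, not malware code).
SAMPLE_RECORDS = [
    ("evt-1", 'Add-Type -TypeDefinition $src -Language CSharp\n'
              'New-ItemProperty -Path "HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" '
              '-Name Updater -Value $exe'),
    ("evt-2", 'Add-Type -AssemblyName System.Windows.Forms'),  # benign assembly load
    ("evt-3", 'Set-ItemProperty -Path "HKLM:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" '
              '-Name Agent -Value "C:\\Agent\\a.exe"'),
]

if __name__ == "__main__":
    for label, group in zip(("ESCALATE", "REVIEW"), triage(SAMPLE_RECORDS)):
        for finding in group:
            print(label, finding.record_id, finding.indicators)
```

Add-Type with a plain -AssemblyName is common in admin scripts, so only the -TypeDefinition form counts; pairing a compile event with a Run-key write on the same host is what raises the score.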

Impact and Scope

Since its inception in late 2023, Hunters International has executed 134 ransomware attacks in 2024 alone, targeting a diverse array of industries across the Americas, Europe, and Australia. The group has notably avoided targets within the Commonwealth of Independent States (CIS), suggesting potential affiliations with Russian cybercriminal entities.

Mitigation Strategies

To protect against SharpRhino and similar threats, IT professionals are advised to:

• Be Vigilant: Avoid downloading software from unofficial sources and be wary of typosquatting domains.
• Use Ad Blockers: Prevent exposure to malicious ads by using ad-blocking software.
• Maintain Backups: Implement a comprehensive backup strategy to ensure data recovery in case of an attack.
• Network Segmentation: Segment networks to limit the spread of malware and reduce the impact of breaches.
• Regular Updates: Keep all software and systems updated to mitigate vulnerabilities that could be exploited by malware.

Conclusion

SharpRhino represents a sophisticated threat in the arsenal of Hunters International, highlighting the need for continuous vigilance and robust cybersecurity practices among IT professionals. By understanding the delivery mechanisms and implementing effective mitigation strategies, organizations can better defend against such advanced threats and safeguard their critical infrastructure.
