September 30, 2023

The Agenda ransomware group has been observed using the Rust programming language to develop new malware and use it to breach several companies.

It claimed to have breached on its leak site are located in various countries and victims belong to the manufacturing and IT industries. They have a combined revenue of around $550m.

Advertisements

A sample of the ransomware written in Rust language and the variant has also been seen using intermittent encryption tactics to deliver faster encryption and avoid detection more efficiently. Earlier with Go language as backend, it is found targetting Thailand and Indonesia

Unlike the previous Golang variant, the Agenda ransomware group did not include the victim’s credentials in the Rust variant’s configuration.

This feature of the latter prevents other researchers not only from visiting the ransomware’s chat support site but also accessing the threat actors’ conversations when a sample becomes available externally.

Rust is becoming more popular among threat actors as it is more difficult to analyze and has a lower detection rate by antivirus engines. Rust is also being increasingly used by Google to increase the security of the Android OS.

Advertisements

Indicators of Compromise

  • e90bdaaf5f9ca900133b699f18e4062562148169b29cb4eb37a0577388c22527
  • 55e070a86b3ef2488d0e58f945f432aca494bfe65c9c4363d739649225efbbd1
  • 37546b811e369547c8bd631fa4399730d3bdaff635e744d83632b74f44f56cf6
Tags:

Leave a Reply

You may have missed

Progress issues Patches for Critical WS_FTP Flaws

September 29, 2023

NIST Releases SP 800-82r3 guide for OT

September 29, 2023

Cisco Semi-annual Security Advisory Summary

September 29, 2023

BlackTech Havoc’s Organizations with Cisco Router Bug

September 29, 2023

Google fixes fifth Zeroday bug in Chrome

September 28, 2023

OpenSea NFT suffers a Breach

September 28, 2023
%d bloggers like this: