Outlaw: Researchers from Trend Micro have identified that after a few months of silence, the Outlaw crypto-mining group has returned. The group was last seen in June 2019, when they were using a similar toolkit to carry out attacks. In December, the group’s activities resumed, using an updated toolkit. The update to the kit expanded the scanner parameters and targets, looped execution of files via error messages, improved evasion techniques for scanning activities, and improved mining profits by killing off both the competition and their previous miners if they were found on the victim’s network. The kits that researchers were able to analyze appeared to be aimed at the finance and automotive industries, designed to steal information and launch subsequent attacks on already compromised systems. Based on these samples and the previous campaigns by the group, it is believed that Outlaw is aiming attacks at organizations that have security weaknesses due to their failure to update and patch their systems. The new malware version targets Linux and Unix servers, as well as Internet-of-Things (IoT) devices. The group is focused on entities within the United States and Europe.