A criminal group launched a multi-stage campaign earlier this year targeting e-commerce sites. The attack stole payment and user data using password-stealing malware. In February the group began using the Vidar password stealer but then switched to the Raccoon stealer to intercept passwords. The campaign started in February and ended in September, with the operators relying on specially crafted phishing pages and lure documents laced with malicious macros to download the Raccoon information-stealer malware onto victim systems. Raccoon is sold on dark web forums for about $200 a month and has 24×7 customer support through Telegram messenger for the criminals who lease it. Raccoon has a wide range of capabilities and communicates with a command-and-control (C2) server, also via Telegram messenger, to siphon off stolen data.