With the number of attacks rising throughout 2020 and 2021, researchers have noted another trend: “Malware as a Service” and partnerships that strengthen the chances of successful operations. As Emotet strikes grew in 2020 and 2021, the malware would move beyond initial infection, sometimes using TrickBot and Ryuk throughout the attack. The separation of these roles allows groups the time to focus on evolving their specific technique without having to pivot and develop the remaining phases. FIN6 and TrickBot were observed working together beginning in mid-2020, utilizing TrickBot’s framework to drop a backdoor created by FIN6, establishing persistence and a means for data exfiltration. As attackers pick up the pace, APT groups willing to use different malware created by third-party malware developers can sacrifice stealth for ease of access. Malware already observed in use is documented and tracked, allowing for easier detection.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased