CoralRaider Cyber Threat: Global Phishing Attacks Deploy Trio of Stealthy Info Stealers

April 25, 2024
CoralRaider Cyber Threat: Global Phishing Attacks Deploy Trio of Stealthy Info Stealers
  • CoralRaider, a likely Vietnamese threat actor identified by Cisco's Talos, uses multiple information stealers to target global users.

  • Since 2023, CoralRaider expanded its operations to a broad range of countries including Ecuador, Egypt, Germany, Japan, and the US.

  • The attack vector is phishing emails with malicious links leading to ZIP files that initiate a sophisticated multi-stage infection.

  • The malware used includes CryptBot, LummaC2, and Rhadamanthys, aiming to steal browser data, cryptocurrency wallet info, and other sensitive data.

  • CoralRaider leverages a CDN cache to host malicious files, aiding in evasion of detection and complicating network defense efforts.

  • A wide range of users and business sectors are at risk due to the methods and scope of CoralRaider's phishing and malware distribution.

Summary based on 1 source


Get a daily email with more Tech stories

Source

Related Stories