CoralRaider Cyber Threat: Global Phishing Attacks Deploy Trio of Stealthy Info Stealers
April 25, 2024

![CoralRaider Cyber Threat: Global Phishing Attacks Deploy Trio of Stealthy Info Stealers](https://cdn.brief.news/images/stories/6fe4e614b83e188175a37bff0d4474ca10c01ebabc5fd38348cf962bd3f8b5d208135e22654b95d773d85e4917cbaf1708ac6f41b7ca54b8a705c8b7d8da7e28.jpg)
CoralRaider, a likely Vietnamese threat actor identified by Cisco's Talos, uses multiple information stealers to target global users.
Since 2023, CoralRaider has expanded its operations to a broad range of countries including Ecuador, Egypt, Germany, Japan, and the US.
The attack vector is phishing emails with malicious links leading to ZIP files that initiate a sophisticated multi-stage infection.
The malware used includes CryptBot, LummaC2, and Rhadamanthys, which aim to steal browser data, cryptocurrency wallet information, and other sensitive data.
CoralRaider leverages a CDN cache to host malicious files, which helps it evade detection and complicates network defense efforts.
A wide range of users and business sectors are at risk due to the methods and scope of CoralRaider's phishing and malware distribution.
Summary based on 1 source
Source
![Threat Actor Uses Multiple Infostealers in Global Campaign](https://cdn.brief.news/images/links/6fe4e614b83e188175a37bff0d4474ca10c01ebabc5fd38348cf962bd3f8b5d208135e22654b95d773d85e4917cbaf1708ac6f41b7ca54b8a705c8b7d8da7e28.jpg)
SecurityWeek • Apr 24, 2024
Threat Actor Uses Multiple Infostealers in Global Campaign