Gootloader Drops Cobalt Strike Beacon Through SEO Poisoning

In February 2023 a security breach was identified in which a user inadvertently downloaded and executed a file from a search result poisoned by SEO tactics, resulting in a Gootloader infection. Gootloader then wrote a Cobalt Strike beacon payload into the host's registry, and the beacon was executed in memory approximately nine hours later. The threat actor used SystemBC to tunnel RDP access into the network, leading to the compromise of domain controllers, backup servers, and other critical systems. The threat actor interactively reviewed sensitive files over RDP, but it remains uncertain whether any data was exfiltrated.
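RDP sessions tunneled through a proxy running on the host, as described for SystemBC above, typically appear in Windows Security event 4624 as RemoteInteractive (LogonType 10) logons whose source address is loopback rather than a real workstation. The following is an added detection example, not code from the original report: it parses constructed 4624 records in a simple Field=Value line format (an assumption, not the report's data) and flags loopback-sourced RDP logons.

```python
import re

# Constructed sample 4624 records, one per line, Field=Value pairs separated by spaces.
# Assumption for illustration only; these are not events from the incident.
SAMPLE_LOG = """\
EventID=4624 LogonType=10 TargetUserName=admin IpAddress=10.0.0.5 WorkstationName=WS01
EventID=4624 LogonType=10 TargetUserName=svc_backup IpAddress=127.0.0.1 WorkstationName=DC01
EventID=4624 LogonType=3 TargetUserName=user1 IpAddress=::1 WorkstationName=FS01
EventID=4624 LogonType=10 TargetUserName=admin IpAddress=::1 WorkstationName=BK01
EventID=4625 LogonType=10 TargetUserName=admin IpAddress=127.0.0.1 WorkstationName=DC01
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")
LOOPBACK = {"::1", "localhost"}


def parse_events(text):
    """Turn Field=Value lines into dicts; numeric fields become ints."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = dict(FIELD_RE.findall(line))
        for key in ("EventID", "LogonType"):
            if key in ev:
                ev[key] = int(ev[key])
        events.append(ev)
    return events


def is_loopback(addr):
    """True for IPv4 127.0.0.0/8, IPv6 ::1 or the literal 'localhost'."""
    addr = addr.strip().lower()
    return addr.startswith("127.") or addr in LOOPBACK


def find_tunneled_rdp(events):
    """Successful RDP logons (4624, LogonType 10) sourced from loopback.

    A genuine RDP client never connects from the target's own loopback
    interface, so these entries are a strong signal of a local tunnel/proxy.
    """
    return [
        ev for ev in events
        if ev.get("EventID") == 4624
        and ev.get("LogonType") == 10
        and is_loopback(ev.get("IpAddress", ""))
    ]
```

Each hit should be pivoted on by host (WorkstationName) to locate the tunneling process and its outbound connection.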