216.73.217.176

FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE

· Published 21/04/2025 12:43 · Modified 21/04/2025 13:15

Export JSON

Essential information

Published
21/04/2025 12:43
Modified
21/04/2025 13:15
Tags
2025-04-21 data exfiltration doge foggyweb multi-stage phishing privilege-escalation ransomware sandbox evasion
Related entities
6 observables, 1 intrusion sets (apt), 12 techniques (mitre), 1 malware, 9 others

Description

An investigation of nine malware samples revealed FOG being distributed by cybercriminals impersonating the Department of Government Efficiency (). The , spread via email and attacks, is concealed in a ZIP file named 'Pay Adjustment.zip'. The infection chain involves a operation, downloading various scripts and executables. The checks for sandbox environments, decrypts its payload, and drops a ransom note. FOG has targeted multiple sectors, including technology, education, manufacturing, and transportation. The campaign either involves original FOG operators using references to troll users or other actors embedding FOG for impersonation purposes.

External references