FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE
Essential information
- Published
- 21/04/2025 12:43
- Modified
- 21/04/2025 13:15
- Tags
- 2025-04-21 data exfiltration doge foggyweb multi-stage phishing privilege-escalation ransomware sandbox evasion
- Related entities
- 6 observables, 1 intrusion sets (apt), 12 techniques (mitre), 1 malware, 9 others
Description
An investigation of nine malware samples revealed FOG ransomware being distributed by cybercriminals impersonating the Department of Government Efficiency (DOGE). The ransomware, spread via email and phishing attacks, is concealed in a ZIP file named 'Pay Adjustment.zip'. The infection chain involves a multi-stage operation, downloading various scripts and executables. The ransomware checks for sandbox environments, decrypts its payload, and drops a ransom note. FOG ransomware has targeted multiple sectors, including technology, education, manufacturing, and transportation. The campaign either involves original FOG operators using DOGE references to troll users or other actors embedding FOG ransomware for impersonation purposes.