
Updated Shadowpad Malware Leads to Ransomware Deployment

Published 20/02/2025 10:44 · Modified 21/02/2025 14:59


Essential information

Tags
2025-02-20, anti-debugging, cqhashdumpv2, dns over https, impacket, intellectual property theft, manufacturing, multi-factor authentication bypass, plugx, ransomware, remote network attacks, shadowpad
Related entities
19 techniques (mitre), 9 malware, 9 others

Description

A recent investigation revealed malware being used to deploy a new family in Europe. The threat actor targeted 21 companies across 15 countries, primarily in the sector. Access was gained through , exploiting weak passwords and bypassing multi-factor authentication. The malware showed enhancements in techniques and encryption methods. Unusually, a previously unreported was deployed in some cases, mimicking the appearance of Kodex Evil Extractor but with different functionality. The attackers also used tools like and for post-exploitation activities. While attribution remains uncertain, there are weak links to the Teleboyi threat actor.

External references