Subscribe
About

Bluebottle cyber crime group active in Africa

Staff Writer
By Staff Writer, ITWeb
Johannesburg, 19 Jan 2023

In the last few months, Bluebottle, a notorious cyber crime group has had entities in the financial sector in its crosshairs.

Targets are in French-speaking African countries and have been hit by a combination of spear phishing attacks, as well a malware using job opportunities, as a lure.

So says Kaspersky, adding that this group is known for fooling victims into clicking on bad attachments that enable malware like NanoCore RAT, Cybergate, Adwind, WSH-RAT, and Houdini to be downloaded.

“They have been operating for a while now, using Dynamic DNS services to control their command and control servers,” says Sergey Lozhkin, lead security researcher at Kaspersky.

According to the security giant’s ‘Crimeware and financial cyberthreats in 2023’ report, it is vital for organisations to look beyond threats facing traditional financial institutions, and assess financial threats on an industry level.

Statistics reveal that there were multiple infections of GU Loader malware downloading various tools such as CobaltStrike and .NET loaders, in the Central African Republic between August to October last year.

However, Kaspersky does not track this infection to any specific campaign or group of cybercriminals, adds Lozhkin.

Kaspersky anticipates that an increasing number of APT groups will move from CobaltSrike to other alternatives.

This can be attributed to the fact that CobaltStrike has gained significant attention from defenders, making it likely that bad actors will start using new alternatives such as Brute Ratel C4, Silver, Manjusaka or Ninja, all of which offer new capabilities and more advanced evasion techniques.

Moreover, given the current political climate, Kaspersky experts predict a record number of disruptive and destructive cyberattacks in 2023, affecting both the public sector and key industries.

It is likely that a number of them will not be easily traceable to cyberattacks and will look like random accidents.

This is where malware security protection becomes essential. It provides an invaluable second layer of protection for a computer or network, he says.

“A robust antivirus software package is the primary component of technological defences for companies in the financial sector. Well-designed antivirus protection has several characteristics: it checks any newly downloaded program to ensure that it is malware-free; it periodically scans the computer to detect and defeat any malware that might have slipped through; and it is regularly updated to recognise the latest threats,” ends Lozhkin.

Share