A hacking group that exploited a recently disclosed security flaw in the WinRAR archiving software as a zero-day has now been classified as an entirely new advanced persistent threat (APT).
Cybersecurity firm NSFOCUS has described DarkCasino as an "economically motivated" actor that first came to light in 2021.
"DarkCasino is an APT threat actor with strong technical and learning ability, who is good at integrating various popular APT attack technologies into its attack process," the company said in an analysis.
"Attacks launched by the APT group DarkCasino are very frequent, demonstrating a strong desire to steal online property."
DarkCasino was most recently linked to the zero-day exploitation of CVE-2023-38831 (CVSS score: 7.8), a security flaw that can be weaponized to launch malicious payloads.
In August 2023, Group-IB disclosed real-world attacks weaponizing the vulnerability, aimed at online trading forums since at least April 2023, to deliver a final payload named DarkMe, a Visual Basic trojan attributed to DarkCasino.
The malware is equipped to gather host information, take screenshots, manipulate files and the Windows Registry, execute arbitrary commands, and self-update on the compromised host.
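The archive layout that CVE-2023-38831 depends on is publicly documented: a decoy file whose name ends in a trailing space sits beside a folder of exactly the same name, and that folder holds a script whose name starts with the decoy's. The Python below is an added example and is not code from NSFOCUS, Group-IB or The Hacker News; it flags that layout in a ZIP member listing so a mail gateway or sandbox can quarantine such archives before a user opens them in an unpatched WinRAR. The executable-suffix list and the sample member listings are constructed for this example.

```python
import zipfile
from typing import Iterable, List, Tuple

# Suffixes Windows will execute when the entry is opened; a constructed
# watch list for this example, not a list taken from the article.
EXEC_SUFFIXES = (".cmd", ".bat", ".exe", ".vbs", ".ps1", ".js", ".scr", ".hta", ".lnk")


def find_cve_2023_38831_pattern(names: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (decoy, script) pairs matching the CVE-2023-38831 archive layout.

    The layout is a top-level file whose name ends in a space ("doc.pdf ")
    next to a directory of exactly the same name that holds an executable
    whose name begins with the decoy name ("doc.pdf /doc.pdf .cmd").
    Member names are normalised to forward slashes, as zipfile reports them.
    """
    members = [n.replace("\\", "/") for n in names]
    findings: List[Tuple[str, str]] = []
    for decoy in members:
        # Decoy candidates are top-level file entries with a trailing space.
        if decoy.endswith("/") or "/" in decoy or not decoy.endswith(" "):
            continue
        folder = decoy + "/"
        for m in members:
            if not m.startswith(folder) or m == folder or m.endswith("/"):
                continue
            inner = m[len(folder):]
            # Only a direct child that mimics the decoy's name and runs as code.
            if "/" not in inner and inner.startswith(decoy) and inner.lower().endswith(EXEC_SUFFIXES):
                findings.append((decoy, m))
    return findings


def scan_zip(path: str) -> List[Tuple[str, str]]:
    """Run the check over a ZIP file on disk.

    The in-the-wild samples were ZIP archives opened with WinRAR; RAR
    containers would need a RAR parsing library, which is not covered here.
    """
    with zipfile.ZipFile(path) as zf:
        return find_cve_2023_38831_pattern(zf.namelist())


# Constructed member listings for demonstration, not names from any real sample.
SUSPICIOUS_LISTING = [
    "trading_strategy.pdf ",
    "trading_strategy.pdf /",
    "trading_strategy.pdf /trading_strategy.pdf .cmd",
]
BENIGN_LISTING = ["quarterly_report.pdf", "images/", "images/chart.png"]

if __name__ == "__main__":
    for label, listing in (("suspicious", SUSPICIOUS_LISTING), ("benign", BENIGN_LISTING)):
        print(label, find_cve_2023_38831_pattern(listing))
```

The check deliberately does not require an explicit directory entry, since some archivers omit them and only emit the nested member path; it also ignores case on the suffix so `.CMD` is caught. A match is a strong signal on its own because a trailing-space file name paired with a same-named folder has no legitimate use in a document archive.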
While DarkCasino was previously classified as a phishing campaign orchestrated by the EvilNum group targeting European and Asian online gambling, cryptocurrency, and credit platforms, NSFOCUS said its continuous monitoring of the adversary's activities has allowed it to rule out any potential connections with known threat actors.
The exact provenance of the threat actor is currently unknown.
"In the early days, DarkCasino mainly operated in countries around the Mediterranean and other Asian countries using online financial services," it said.
"More recently, with the change of phishing methods, its attacks have reached users of cryptocurrencies globally, even including non-English-speaking Asian countries such as South Korea and Vietnam."
Multiple threat actors have joined the CVE-2023-38831 exploitation bandwagon in recent months, including APT28, APT40, Dark Pink, Ghostwriter, Konni, and Sandworm.
Ghostwriter's attack chains leveraging the shortcoming have been observed to pave the way for PicassoLoader, an intermediate malware that acts as a loader for other payloads.
"The WinRAR vulnerability CVE-2023-38831 brought by the APT group DarkCasino brings uncertainties to the APT attack situation in the second half of 2023," NSFOCUS said.
"Many APT groups have taken advantage of the window period of this vulnerability to attack critical targets such as governments, hoping to bypass the security systems of the targets and achieve their purposes."
Some parts of this article are sourced from:
thehackernews.com