Both campaigns by the group used spear-phishing emails as the primary entry vector to deliver its malware. The group embeds the malware in a password-protected archive or shares a link to download it, luring the victim with information about a person.
To date, in the criminal underground, there is not as much discussion around DeimosC2 as an alternative, but attackers might be using DeimosC2 in the near future as a tool of choice and as part of their migration away from Cobalt Strike.
Recently, we came across an exploitation attempt that leveraged the monitoring and visualization tool Weave Scope to enumerate the AWS instance metadata service (IMDS) from EC2 instances through environment variables and the IMDS endpoint.
It was found that the oil and gas industry averaged six days of system outage per cyberattack, one day longer than the five-day average for other industries. In addition, 65% of respondents said that their systems were down for more than four days.
Ransomware attacks on industrial targets continue to rise, accounting for more than half of all malware on industrial endpoints. They have also become highly sophisticated, able to exploit long-unpatched vulnerabilities as well as zero-days.