
FusionCore - An Emerging Malware-as-a-Service Group in Europe

Researchers have noticed malicious activity associated with an emerging cybercrime group dubbed FusionCore. Active since November 2022, the group specializes in offering Malware-as-a-Service (MaaS) and other hacking services.

The group has also created a separate ransomware affiliate program called AnthraXXXLocker. 

Malware offered by FusionCore

According to a report by Cyfirma, the hacker group provides a wide range of new and custom malware such as Typhon Reborn, RootFinder stealer, Strontium stealer, RootFinder miner, Golden Mine, ApolloRAT, Cryptonic crypter, and SarinLocker ransomware.
  • Most of these malware families are written in C++, C#, and Go and can be used to launch stealthy and persistent attacks.
  • The group also heavily relies on open-source tools such as Obfuscar and NBMiner to offer enhanced evasion and cryptocurrency mining capabilities.
  

Timeline of evolution

  • FusionCore evolved into a MaaS group after its founder, who goes by the handle ‘Hydra,’ saw an influx of demand for infostealer malware in the first half of 2022.
  • The attackers sold the malware through separate Telegram channels until November, when they joined hands to launch one portal.
  • It is assumed that the threat actors are operating in Europe. So far, the known targets of FusionCore include Lindesberg Municipality in Sweden and an infosec company in Asia Pacific.

About the new SarinLocker ransomware

SarinLocker ransomware is sold at a price of $20 for a month and $100 for a lifetime by NecroSys, one of the primary associates of the FusionCore group.
  • It was first launched in November 2022 and includes the ability to wipe the decryption key from the infected device’s memory. 
  • It uses a Telegram channel to send the stolen data to threat actors.

Conclusion

The FusionCore group is set to further enhance its malware arsenal as it continues to come up with its own set of malware, especially new info-stealers. Additionally, more affiliates are expected to join the group in the coming months, representing a looming threat to the cyber ecosystem.
Cyware Publisher