RATANKBA: Delving into Large-scale Watering Holes against Enterprises
We provide further analysis and insights regarding the RATANKBA malware, which was tied to malware attacks against banks in Poland, as well as to a string of similar incidents involving financial institutions in other countries.
In early February, several financial organizations reported malware infections on their workstations, apparently originating from legitimate websites. The attacks turned out to be part of a large-scale campaign to compromise trusted websites in order to infect the systems of targeted enterprises across various industries. This strategy is commonly known as a “watering hole” attack.
It was all sparked by a spate of recent malware attacks on Polish banks involving reportedly unknown malware on their own terminals and servers, along with the presence of dubious, encrypted programs/executables and, more prominently, suspicious network activity. More malware was delivered to the affected systems, which were seen connecting to unusual and far-flung locations worldwide, …
Indicators of Compromise (IoCs)
http://eye-watch.in:443
http://sap.misapor.ch