Researchers have identified a new collaborator in the continued Shamoon attacks against Saudi organizations. Called Greenbug, this group is believed to be instrumental in helping Shamoon steal user credentials of targets ahead of Shamoon’s destructive attacks.
However, researchers know about as much about Greenbug as they do Shamoon; which isn’t much. But, that’s slowly changing.
On Tuesday, Arbor Networks said that it has new leads on a credential stealing remote access Trojan (RAT) called Ismdoor, used by Greenbug to steal credentials on Shamoon’s behalf.
Powered by WPeMatico