Cybercriminals Abuse Open-Source Tools To Target Africa’s Financial Sector
Summary
Unit 42 researchers have been monitoring a series of attacks targeting financial organizations across Africa.
The attackers use a consistent playbook, combining open-source and publicly available tools including PoshC2, Chisel and Classroom Spy.
These tools are disguised as legitimate products, with the threat actor copying signatures from legitimate applications and abusing trusted sites for malware delivery.
The threat actor signatures and domains have been added to our threat intelligence feeds.
These findings have been shared with our fellow Cyber Threat Alliance members, meaning protections can be rapidly deployed to customer environments, and malicious cyber actors disrupted.