Since July 2023, cybersecurity researchers have reported cyber attacks targeting financial institutions in Africa, tracked as CL-CRI-1014 by Palo Alto Networks Unit 42. The attacks rely on a combination of open-source tools to gain and hold access, and are believed to be run by initial access brokers looking to sell that access. The threat actors disguise their tooling as legitimate applications, deploying PoshC2 for command-and-control, Classroom Spy for remote monitoring, and Chisel for tunneling network traffic, in order to evade detection and expand their foothold in compromised systems.
Cybersecurity researchers have identified a series of cyber attacks on African financial institutions whose primary aim is to sell initial access to other criminals.
The use of tools such as PoshC2, Classroom Spy, and Chisel points to a well-organized operation that seeks to maintain access while masquerading as legitimate software.