PikaBot Resurfaces with Streamlined Code and Deceptive Tactics

February 13, 2024 at 09:39AM

The PikaBot malware has evolved with significant changes, simplifying its code and network communications, making it more accessible for threat actors. With ongoing development, it remains a significant cyber threat. Additionally, a cloud account takeover campaign targeting Microsoft Azure environments has compromised hundreds of user accounts. Source: Newsroom Cyber Threat/Malware.

Key takeaways:

1. PikaBot malware has undergone significant changes described as “devolution”, with reduced complexity and modifications to network communications.

2. PikaBot and DarkGate have emerged as attractive replacements for threat actors to obtain initial access to target networks via phishing campaigns and drop Cobalt Strike.

3. The latest iteration of PikaBot (version 1.18.32) focuses on obfuscation, encryption algorithms, and C2 server network communications.

4. Proofpoint warned of an ongoing cloud account takeover (ATO) campaign targeting Microsoft Azure environments and compromising user accounts, including those belonging to senior executives.
