Ransomware gang targets IT workers with new SharpRhino malware

August 5, 2024 at 05:15PM

The Hunters International ransomware group has launched the SharpRhino remote access trojan (RAT) to target IT professionals, using it to breach corporate networks and deploy ransomware. The malware is distributed through typosquatting and impersonation. Notable victims include Austal USA, Hoya, Integris Health, and the Fred Hutch Cancer Center. Quorum Cyber discovered the malware and advocates for careful online behavior and cybersecurity measures.

The Hunters International ransomware group is using a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. To distribute the malware, the group impersonates the website of Angry IP Scanner, a legitimate networking tool used by IT professionals. Notable victims of its attacks include U.S. Navy contractor Austal USA, Japanese optics giant Hoya, Integris Health, and the Fred Hutch Cancer Center.

The SharpRhino RAT spreads as a digitally signed 32-bit installer containing a self-extracting, password-protected 7z archive with additional files that carry out the infection. Analysis of the malware shows that it can execute PowerShell commands on the host, which can be used to perform various dangerous actions. Hunters International is also using a new tactic, impersonating legitimate open-source network scanning tools, to target IT workers with elevated privileges.

To mitigate the effects of ransomware attacks, it is recommended to establish a backup plan, segment the network, and keep all software up to date to reduce opportunities for privilege elevation and lateral movement. Users are advised to be cautious of sponsored search results, use ad blockers, and bookmark official project sites to avoid malvertising and obtain safe installers.
