
CyberWire Daily: Dual Russian cyber gangs hit 23 companies. [Research Saturday]
Jan 13, 2024
Ryan Westman, Senior Manager, Threat Intelligence at eSentire's Threat Response Unit (TRU), discusses two Russian-speaking cyber gangs targeting 23 companies using malicious Google ads. They focus on popular business software like Zoom, Slack, and Adobe. The threat actors are part of Russian-speaking Malware-as-a-Service (MaaS) groups called BatLoader and FakeBat. They target industries like manufacturing, software, legal, retail, and healthcare. This episode analyzes their tactics, malware types, and activities, including delivering ransomware, harvesting credentials, and installing remote access Trojans. The discussion also explores the capabilities and payment models of the cyber gangs, as well as incident response strategies and cybersecurity programs.
Chapters
Introduction
00:00 • 2min
Russian Cyber Gangs: BatLoader vs FakeBat
01:36 • 6min
Activities of Dual Russian Cyber Gangs
07:34 • 2min
Russian-Speaking Malware-as-a-Service Groups and Cyber Attack Sophistication
09:19 • 5min
Russian-Speaking Cyber Gangs Target Employees from 23 Companies
14:47 • 2min
