Cybersecurity agencies have issued warnings about a new wave of cyber attacks affecting organizations in the U.S. and Canada. Attackers are utilizing various versions of the Truebot malware to steal sensitive data and gain financial benefits. Initially, the malware was delivered through phishing emails containing malicious attachments. However, hackers have now adapted their tactics, exploiting a remote code execution flaw to gain access to victims’ networks.
The Truebot malware is often accompanied by other malicious tools, including the wormable malware Raspberry Robin, the remote access tool FlawedGrace, the penetration testing tool Cobalt Strike, and the data exfiltration tool Teleport.
The notorious Clop ransomware gang has recently employed Truebot in its attack campaigns. This ransomware group has targeted users of Progress Software’s managed file transfer product, MOVEit Transfer.
To counter these threats, cybersecurity agencies recommend that organizations scan for malicious activity, apply relevant patches from vendors, and report any identified indicators of compromise (IOCs) to authorities. Additionally, implementing multi-factor authentication (MFA) is crucial for preventing unauthorized access.