Crypto companies increasingly attacked with VileRat

Kaspersky, known for the antivirus tool of the same name, has been following attack campaigns by the DeathStalker hack group since around 2018. The group has reportedly updated its ‘VileRat’ toolset to target crypto and currency exchange companies as well.

Expansion of sectors in which hackers attack

Previously, the hacker group mainly focused on law firms and organizations in the financial sector. It is now expanding its targets to include the crypto sector. Because the hackers are for hire, their attacks are often not politically or financially motivated.

Since 2020, the group has been using a new toolset called VileRat. It is usually deployed after a complicated infection chain started by the hacker group. The chain usually begins with spearphishing emails, which often carry infected files, often in the form of a .DOC or .DOCX file. Keywords such as "compliance" or "complaint" in the title make it more likely that recipients open the infected files. Once a file is opened, the hackers gain access to the computer.

VileRat

VileRat stands out for its advanced tools and malicious infrastructure. Numerous obfuscation techniques are also used in the VileRat campaign.

Since 2020, the hacker group has been making huge efforts to gain access to its targets, and also to maintain it. The potential purpose of the attacks varies widely, from due diligence, asset recovery, and litigation or arbitration support to sanctions evasion, but it does not appear to be immediate financial gain at this point.

VileRat also does not target just a few countries. The attacks are global, with compromised organizations in Bulgaria, Cyprus, Germany, the Grenadines, Kuwait, Malta, the United Arab Emirates and Russia. Nor do they seem to target only big companies: the organizations attacked range from startups to established industry leaders and pretty much everything in between.
