
Suspected AI-Powered Python Backdoor Tapped for RansomHub Deployment


SC Media reports that an affiliate of the RansomHub ransomware-as-a-service operation launched an attack last quarter involving a new Python backdoor believed to include artificial intelligence-generated code.

GuidePoint Security found that initial access, facilitated by suspected SocGholish malware, was followed by deployment of the backdoor, installation of Python and the required libraries within the targeted "connecteddevicesplatform" folder, establishment of the Python proxy script, and the use of Windows scheduled tasks for persistence.

After connecting over TCP to hardcoded IP addresses, the backdoor carried out lateral movement through a SOCKS5-like tunnel, the researchers said.
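
The chain described above (Python interpreter dropped into a "connecteddevicesplatform" folder, a scheduled task for persistence, outbound TCP from the proxy script) gives a defender three things to check on a Windows host. The following hunt script is an added example, not code from SC Media or GuidePoint; the only indicators taken from the report are the folder name and the fact that python.exe is the interpreter. The search locations, the `python` keyword match and the output shape are assumptions.

```powershell
# Added triage script (not from the article or GuidePoint Security).
# Indicators from the report: folder name "connecteddevicesplatform", python.exe.
# Assumptions: the folder may live under ProgramData or a user profile, and any
# scheduled task that launches a Python interpreter is worth a look on a host
# where Python is not expected.

$FolderIndicator = 'connecteddevicesplatform'

# 1. Persistence: scheduled tasks whose action runs Python or references the folder
$suspectTasks = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments) $($action.WorkingDirectory)"
        if ($cmd -match 'python' -or $cmd -match $FolderIndicator) {
            [pscustomobject]@{
                TaskPath = $task.TaskPath
                TaskName = $task.TaskName
                Execute  = $action.Execute
                Args     = $action.Arguments
                Reason   = if ($cmd -match $FolderIndicator) { 'folder+python' } else { 'python' }
            }
        }
    }
}

# 2. Staging: the reported folder name under common drop locations (bounded search)
$searchRoots = @("$env:ProgramData", "$env:SystemDrive\Users")
$suspectDirs = Get-ChildItem -Path $searchRoots -Directory -Recurse -Filter $FolderIndicator `
    -ErrorAction SilentlyContinue | Select-Object -ExpandProperty FullName

# 3. Network: established TCP connections owned by a running Python interpreter
$pyProcs = Get-Process -Name 'python*' -ErrorAction SilentlyContinue
$suspectConns = if ($pyProcs) {
    Get-NetTCPConnection -State Established -OwningProcess $pyProcs.Id -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess
}

"== Scheduled tasks launching Python ==";  $suspectTasks | Format-Table -AutoSize
"== Directories named $FolderIndicator =="; $suspectDirs
"== Established TCP connections from python.exe =="; $suspectConns | Format-Table -AutoSize
```

Run it elevated so Get-ScheduledTask and Get-NetTCPConnection see every task and socket; a hit in section 1 combined with a remote address in section 3 is the pattern to escalate.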

The findings follow ESET's report that RansomHub was the most active RaaS operation during the second half of 2024, having compromised almost 500 organizations in less than a year.
