At a glance.
- Gootloader's evolution.
- Yandex source code leaked.
- New GRU wiper malware active against Ukraine.
- Latvia reports cyberattacks by Gamaredon.
- Russia and the US trade accusations of malign cyber activity.
- A hacktivist auxiliary's social support system.
- LockBit impersonators seen operating in northern Europe.

Mandiant has published a report outlining “notable changes” to the Gootloader malware over the course of 2022. The researchers say these changes “include the use of multiple variations of the FONELAUNCH launcher, the distribution of new follow-on payloads, and changes to the GOOTLOADER downloader and infection chain, including the introduction of GOOTLOADER.POWERSHELL.” The malware is also using new techniques for obfuscation. Gootloader is distributed via malicious business-related documents hosted on compromised websites.