I have a t-shirt that proudly and loudly proclaims that it gets worse before it gets worse. It just got worse for Microsoft users. Hot on the heels of Windows 10, Windows 11 and Windows Server users being urged to update because a zero-day vulnerability in the Windows kernel was confirmed as exploited in the wild, another series of ongoing attacks has now been reported. This time it concerns a dangerous crypto-stealing malware family that many believed had been killed off in May by the still-active joint security agency operation known as Operation Endgame.
Microsoft Windows Devices Targeted By Newly Emerged DanaBot 669 Attackers
Many in the cybersecurity world had thought the threat posed by DanaBot, a nasty trojan rented out to any cybercriminal with the ready cash, had come crashing to a halt in May, when Operation Endgame took down what was believed to be the infrastructure used by its operators. That operation, jointly executed by security agencies across the U.S., U.K., and Europe, saw 20 international arrest warrants issued alongside the undoubted disruption of the criminal campaign. But that was then, and this is now.
It would appear that DanaBot is back, with a vengeance. According to cybersecurity researchers at Zscaler, posting to X, “Danabot has resurfaced with version 669 after nearly a 6-month hiatus following the Operation Endgame law enforcement actions in May.”
Using a rebuilt infrastructure, initial access brokers appear to be heading back to an old favorite. The reported DanaBot attacks rely on the by now traditional, and sadly all-too-expected, delivery methods: malicious emails and malvertising campaigns.
Microsoft Users Should Upgrade Their Security Tools, End Users Stay Alert
“Considering the previous DanaBot venture ended with officials seizing millions in stolen cryptocurrency and 16 associated individuals being arrested and charged,” Ross Filipek, the chief information security officer at Corsica Technologies told me, “it’s somewhat surprising to see DanaBot rebound just six months later with an overhauled infrastructure.” This, Filipek surmised, could be down to some core members of the group behind the original DanaBot not being apprehended and therefore able to regroup “and resurface with an improved version of their malware.”
Filipek recommended that all organizations using Microsoft Windows devices should “upgrade their security tools to include advanced network monitoring and intrusion detection systems” in order to identify “suspicious outbound traffic or encrypted communications.” End users, meanwhile, need to remain alert to the threat of both phishing emails and search engine malvertising campaigns.