Cyber Heist Alert: CL-CRI-1014’s Comedic Capers in Africa’s Financial Sector!
Unit 42 has discovered a new malicious campaign targeting financial organizations in Africa. The attackers, tracked as CL-CRI-1014, are like door-to-door salesmen of cybercrime, gaining initial access and then selling it on the dark web. They use open-source tools such as PoshC2, Chisel, and PsExec to infiltrate systems.

Hot Take:
Ah, the thrill of being an initial access broker! It’s like being a real estate agent for cybercriminals, except instead of selling beachfront properties, you’re selling the keys to someone else’s financial vaults in Africa. Who knew cybercrime could be so real estate chic? But hey, at least these hackers are resourceful, using open-source tools like they’re shopping at a cyber thrift store. It’s just a shame that their shopping list includes PsExec, Chisel, and Classroom Spy, and not something more benign like a nice houseplant.

Key Points:
- Unit 42 from Palo Alto Networks identified a campaign targeting African financial organizations.
- The attackers, dubbed CL-CRI-1014, have been active since at least 2023.
- They act as initial access brokers, gaining access and selling it on the dark web.
- Tools used include PoshC2, Chisel, PsExec, and Classroom Spy.
- PsExec and Chisel are used to bypass defenses and facilitate network attacks.