RansomHub Targets U.S. Government with Sophisticated SocGholish Attacks
Cybersecurity Dive | Contributed by: Drex DeFord
Summary
RansomHub, a new ransomware group, is using the SocGholish malware-as-a-service framework to attack U.S. government entities and various sectors, reportedly affecting over 200 victims since early 2024, including Change Healthcare and Rite Aid. SocGholish, operational since 2018, lures users into downloading malicious software through deceptive browser and software update prompts served from a network of compromised websites. The malware delivers an obfuscated JavaScript loader and uses a traffic distribution system to route visitors to these lures; it also deploys Python-based backdoors that provide initial access and connect to the command-and-control servers used in the ransomware operations.
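The fake-update lure described above is visible in web-proxy telemetry: a JavaScript or archive download whose filename pretends to be a browser update, served from a host that is not a vendor update domain. The detection below is an added example written for this summary, not code from Cybersecurity Dive, RansomHub analysts or any vendor; the log format, hostnames, filenames and the vendor allowlist are all constructed assumptions for the demonstration.

```python
"""Flag web-proxy entries that look like a fake 'browser update' download.

Added example for this summary; all sample data is constructed.
Log line format assumed: "<client-ip> <method> <url> <content-type>".
"""
import re
from urllib.parse import urlparse

# Constructed sample proxy log: one benign site, one real vendor download,
# and two downloads whose names imitate a browser update.
SAMPLE_LOG = """\
10.0.0.5 GET https://www.example-news.test/index.html text/html
10.0.0.5 GET https://cdn.example-news.test/assets/app.js application/javascript
10.0.0.5 GET https://update-check.example.test/Chrome.Update.js application/javascript
10.0.0.7 GET https://download.example-vendor.test/Firefox-Update.zip application/zip
10.0.0.7 GET https://dl.google.com/chrome/install/ChromeSetup.exe application/octet-stream
"""

# Hypothetical allowlist of hosts that legitimately serve browser updates;
# a real deployment would maintain this from vendor documentation.
VENDOR_UPDATE_HOSTS = {"dl.google.com", "download.mozilla.org"}

# Filenames that pair a browser name with the word "update" in either order.
LURE_NAME = re.compile(
    r"(chrome|firefox|edge|browser).*update|update.*(chrome|firefox|edge|browser)",
    re.IGNORECASE,
)

# Content types a fake-update lure typically delivers (script or archive),
# as opposed to the signed installer a vendor would ship.
SUSPICIOUS_TYPES = {"application/javascript", "text/javascript", "application/zip"}


def parse_line(line):
    """Split one constructed-format log line into its fields."""
    client, method, url, ctype = line.split()
    return {"client": client, "method": method, "url": url, "ctype": ctype}


def is_fake_update(entry):
    """True when a script/archive named like a browser update comes from a non-vendor host."""
    parsed = urlparse(entry["url"])
    host = parsed.hostname or ""
    filename = parsed.path.rsplit("/", 1)[-1]
    if host in VENDOR_UPDATE_HOSTS:
        return False
    return entry["ctype"] in SUSPICIOUS_TYPES and bool(LURE_NAME.search(filename))


def find_fake_updates(log_text):
    """Return (client, url) pairs for every entry that matches the lure pattern."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if is_fake_update(entry):
            hits.append((entry["client"], entry["url"]))
    return hits


if __name__ == "__main__":
    for client, url in find_fake_updates(SAMPLE_LOG):
        print(f"possible fake-update lure: client={client} url={url}")
```

The allowlist check runs before the name heuristic so that genuine vendor downloads never raise an alert, and the content-type filter keeps ordinary site scripts such as `app.js` out of the results; tuning both lists to the organisation's own traffic is where most of the real work lies.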