Cybersecurity researchers have uncovered a new version of the Anchor malware that has been observed targeting Windows systems. Anchor is a backdoor malware that was first spotted in 2018 and helped threat actors communicate with C2 servers to ultimately deploy Conti ransomware. Anchor has been used to target multiple critical infrastructure sectors. This new variant, dubbed AnchorMail, employs an email-based C2 server and communicates via the SMTP and IMAP protocols over TLS. This helps threat actors avoid detection from common email-based security protocols. Additionally, its possible this new variant was developed by former Trickbot operators who have been working to create stealthier malware to assist other threat actors with ransomware attacks. Read more at Duo.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!