Faou describes a previously unknown threat actor, named MoustachedBouncer, that has been operating for over a decade.
The group's malware tools include spying plugins, a screenshotter, an audio recorder, and a file stealer.
The oldest sample of NightClub dates back to November 19, 2014, and was uploaded to VirusTotal from Ukraine.
A hitherto undocumented threat actor active for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus.
Faou explains that traffic is altered at the ISP level to make it appear that the infected webpages originate not from a captive portal but from a legitimate-looking, but fake, Windows Update URL.
For IPv6 addresses, the malicious URLs redirect to a VirusTotal page masquerading as a legitimate one.