FIN8 Hackers Spotted Using New ‘White Rabbit’ Ransomware in Recent Attacks

From thehackernews.com

White Rabbit

The financially motivated FIN8 actor, in all likelihood, has resurfaced with a never-before-seen ransomware strain called “White Rabbit” that was recently deployed against a local bank in the U.S. in December 2021.

That’s according to new findings published by Trend Micro, calling out the malware’s overlaps with Egregor, which was taken down by Ukrainian law enforcement authorities in February 2021.

“One of the most notable aspects of White Rabbit’s attack is how its payload binary requires a specific command-line password to decrypt its internal configuration and proceed with its ransomware routine,” the researchers noted. “This method of hiding malicious activity is a trick that the ransomware family Egregor uses to hide malware techniques from analysis.”

Read more…