Threat actors target law firms with GootLoader and SocGholish malware


Researchers from eSentire have foiled 10 cyberattacks targeting six different law firms throughout January and February of 2023.

The firms were targeted as part of two distinct campaigns aimed at distributing GootLoader and FakeUpdates (aka SocGholish) malware.

“The attacks emanated from two separate threat campaigns. One campaign attempted to infect law firm employees with the GootLoader malware. The other campaign hit law firm employees and other victims with the SocGholish malware,” reads the analysis published by the experts.

GootLoader runs on an access-as-a-service model and is used by different groups to drop additional malicious payloads on compromised systems. GootLoader has been known to use fileless techniques to deliver threats such as the SunCrypt and REvil (Sodinokibi) ransomware, the Kronos trojan, and Cobalt Strike. In the past, GootLoader distributed malware masquerading as freeware installers and used legal documents as lures to trick users into downloading these files.

Read more…