On 25th April, the Antuit Cyber Intelligence Research Team ("ACIRT") intercepted communications between threat actors on a few specific hacker forums, indicating collusion to distribute a Double-Face Cryptominer malware targeting Financial, Energy, Retail and FMCG enterprises.
Earlier, on 9th May, we observed additional Indicators of Attack suggesting that the malware is in the wild. The involvement of the threat actor group BOLIC has been confirmed.
In the last 24 hours, ACIRT has gathered additional Indicators of Compromise (IoCs) that are closely associated with these threat actors and the above-mentioned campaign.
Analysis of captured threat actor footprints and correlation with external threat vectors indicate that this is a possible threat; your organization is advised to take the precautionary measures highlighted in this report.