Tuesday, May 17, 2022

PYSA Ransomware Gang adds Linux Support

Key Takeaways

The first Linux version of ChaChi, a Golang-based DNS tunneling backdoor, was recently observed on VirusTotal.

The malware is configured to use domains associated with ransomware actors known as PYSA, aka Menipoza Ransomware Gang.

PYSA’s ChaChi infrastructure appears to have been largely dormant for the past several weeks, mostly parked and apparently no longer operational.

We assess with moderate confidence this sample represents the PYSA actor expanding into targeting Linux …
