
CredRaptor

Posted: November 15, 2019

The TeleBots hacking group is back in action after laying low for a rather long time. The group is best known for its involvement in what is considered the first power outage (blackout) caused by a cyber-attack. Its arsenal consists of top-shelf cyber-threats deployed at different stages of an attack, and they often aim to be as destructive as possible. Some of the more notorious malware associated with the activity of the TeleBots group includes:

  • The Industroyer backdoor used against the Ukrainian power grid.
  • BlackEnergy – Also used against the Ukrainian energy sector.
  • Petya Ransomware – Dangerous ransomware that encrypts the hard drive's Master Boot Record (MBR) instead of separate files.
  • KillDisk Ransomware – A disk wiper that makes file recovery impossible by securely erasing the file types it targets.

TeleBots Continues to Improve Its CredRaptor Infostealer

The most recent news surrounding the activity of the TeleBots group involves two new malware samples – the Exaramel Backdoor and the CredRaptor credential stealer. The latter threat has only been used in combination with the Exaramel backdoor so far, and it can collect a lot of information from compromised computers.

CredRaptor, in particular, has been used by the group since 2016, but TeleBots members are improving it constantly by expanding the range of software it targets, as well as optimizing its info-stealing abilities. The current variant of the CredRaptor stealer can obtain:

  • FTP passwords from FileZilla, CuteFTP, ClassicFTP, BulletProof FTP Client and other FTP clients.
  • Passwords, Autofill information, and other data stored in the Web browsers Mozilla Firefox, Opera, Internet Explorer and Google Chrome.
  • Passwords stored in Microsoft Outlook.

CredRaptor also targets the Windows Vault password-managing service. This could prove to be a major issue, since it may let the attackers steal the credentials of webmasters and, through those credentials, reach other computers on the same network.
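A defender can turn the list of targets above into a detection: the tell-tale behaviour of a credential stealer is a single unexpected process reading several credential stores that only their owning applications normally touch. The script below is an added example written for this page, not code from the original post or from any CredRaptor analysis. It parses a simplified, constructed file-access log format (`timestamp|process image|accessed path`, an assumption, not a real Sysmon or EDR schema) and flags reads of the Chrome, Firefox, Opera, FileZilla and Windows Vault stores by any process other than the one expected to own them. The store locations are the applications' well-known default paths; the sample log lines, the `update.exe` process name and the vault GUID are constructed. Outlook, Internet Explorer and the other FTP clients named above keep their secrets in the registry or in the vault rather than in a file of their own, so this example does not cover them.

```python
"""Flag processes that read credential stores of the kind CredRaptor targets.

Added example: parses constructed log lines of the assumed form
    <timestamp>|<process image path>|<accessed file path>
and reports reads of browser, FileZilla and Windows Vault stores by a process
that is not the store's legitimate owner.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Finding:
    timestamp: str
    image: str   # full path of the process that read the store
    store: str   # human-readable label of the credential store
    path: str    # file that was read


# (label, case-insensitive regex over the accessed path, process names expected to read it).
# Paths are the applications' well-known default locations; owners are assumptions.
CREDENTIAL_STORES = [
    ("Chrome saved logins",
     r"\\google\\chrome\\user data\\[^\\]+\\login data$", {"chrome.exe"}),
    ("Firefox saved logins",
     r"\\mozilla\\firefox\\profiles\\[^\\]+\\(logins\.json|key4\.db)$", {"firefox.exe"}),
    ("Opera saved logins",
     r"\\opera software\\opera stable\\login data$", {"opera.exe"}),
    ("FileZilla site manager",
     r"\\filezilla\\(sitemanager|recentservers)\.xml$", {"filezilla.exe"}),
    ("Windows Vault",
     r"\\microsoft\\vault\\", {"lsass.exe"}),   # VaultSvc runs inside lsass.exe
]
_COMPILED = [(label, re.compile(rx, re.IGNORECASE), owners)
             for label, rx, owners in CREDENTIAL_STORES]


def parse_line(line):
    """Split one log line into (timestamp, image, path); None if malformed."""
    parts = line.strip().split("|", 2)
    if len(parts) != 3 or not all(parts):
        return None
    return tuple(parts)


def detect_credential_store_access(lines):
    """Return one Finding per read of a known store by a non-owner process."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, image, path = rec
        image_name = PureWindowsPath(image).name.lower()
        for label, rx, owners in _COMPILED:
            if rx.search(path) and image_name not in owners:
                findings.append(Finding(ts, image, label, path))
                break   # one store label per line is enough
    return findings


def stores_by_process(findings):
    """Group distinct stores touched per process: many stores from one image is the stealer signal."""
    grouped = defaultdict(set)
    for f in findings:
        grouped[f.image].add(f.store)
    return dict(grouped)


# Constructed sample log (not real telemetry). The vault GUID is a placeholder.
SAMPLE_LOG = r"""
2019-11-15T10:02:11Z|C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2019-11-15T10:02:15Z|C:\Users\alice\AppData\Local\Temp\update.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2019-11-15T10:02:16Z|C:\Users\alice\AppData\Local\Temp\update.exe|C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\logins.json
2019-11-15T10:02:17Z|C:\Users\alice\AppData\Local\Temp\update.exe|C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml
2019-11-15T10:02:18Z|C:\Users\alice\AppData\Local\Temp\update.exe|C:\Users\alice\AppData\Local\Microsoft\Vault\11111111-2222-3333-4444-555555555555\Policy.vpol
2019-11-15T10:02:19Z|C:\Windows\System32\lsass.exe|C:\Users\alice\AppData\Local\Microsoft\Vault\11111111-2222-3333-4444-555555555555\Policy.vpol
2019-11-15T10:02:20Z|C:\Users\alice\AppData\Local\Temp\update.exe|C:\Users\alice\Documents\notes.txt
malformed line without separators
""".strip().splitlines()


if __name__ == "__main__":
    hits = detect_credential_store_access(SAMPLE_LOG)
    for image, stores in stores_by_process(hits).items():
        print(f"{image}: read {len(stores)} credential store(s): {sorted(stores)}")
```

Run against the constructed log, the legitimate `chrome.exe` and `lsass.exe` reads are ignored while the single `update.exe` process is reported for four different stores; a rule that alerts when one process touches two or more stores within a short window keeps the noise from a single stray read low while still catching the stealer pattern described above.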

The CredRaptor stealer is rarely used on its own; the TeleBots group seems to drop it in combination with other tools from their arsenal.
