SoreFang

Posted: July 17, 2020

The SoreFang malware is a small implant that was used as first-stage malware in the 2020 attacks against high-profile medical research institutes and hospitals situated in Canada, the United Kingdom, and the United States. The cyberattack campaign has been attributed to APT29, an Advanced Persistent Threat (APT) group that is believed to be backed by the Russian government. The goal of the SoreFang malware is to extract information about the software and hardware of the infected system, and then download an additional payload that will be executed immediately.

SoreFang shares many similarities with the WellMess malware that the APT29 hackers used in their earlier campaigns. However, SoreFang has been stripped of many features, and its primary purpose is to deliver additional malware after collecting data about the compromised network.

The SoreFang attacks are executed by exploiting vulnerabilities in the Internet-enabled services running on the targeted systems, which means that the crooks are likely to manually deploy and run copies of the malware. There is suspicion that SoreFang may be used exclusively against devices manufactured by SangFor, but this is yet to be confirmed since the attacks are still ongoing.
