New Diicot Threat Group Targets SSH Servers with Brute-Force Malware


A new threat actor from Romania named Diicot is reportedly using unusual TTPs (Tactics, Techniques, and Procedures) and an intriguing attack pattern to target victims, according to researchers from Cado Labs. Diicot is also the new name of the Romanian anti-terrorism police unit, and both organisations employ similar messaging and images.

The researchers discovered that the gang has been employing brute-force malware with payloads that have neither been disclosed publicly nor shown up in widely used repositories. Diicot has been operating since 2020, according to earlier investigations by Akamai and Bitdefender, and it mostly runs cryptojacking operations or develops malware for malware-as-a-service (MaaS).
