Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration

17-Apr-23

Threat actors linked to the Vice Society ransomware gang have been seen employing a custom PowerShell-based application to hide and automate the data exfiltration process from affected networks.

“Threat actors (TAs) using built-in data exfiltration methods like [living off the land binaries and scripts] negate the need to bring in external tools that might be flagged by security software and/or human-based security detection mechanisms,” said Ryan Chapman of Palo Alto Networks Unit 42.

Read More…