Threat actors linked to the Vice Society ransomware gang have been seen employing a custom PowerShell-based application to automate and conceal the exfiltration of data from affected networks.
“Threat actors (TAs) using built-in data exfiltration methods like [living off the land binaries and scripts] negate the need to bring in external tools that might be flagged by security software and/or human-based security detection mechanisms,” said Ryan Chapman of Palo Alto Networks Unit 42.