
Multiple Financial Institutions Hit by Commoditised Tools

West African financial institutions have been targeted in a series of cyber attacks that leverage living-off-the-land tactics and off-the-shelf commodity malware. The attacks have been observed since mid-2017 and affected organisations in Cameroon, Congo (DR), Ghana, Equatorial Guinea, and Ivory Coast. The latest attack, detected in December 2018, was directed at a financial organisation in Ivory Coast, where the Imminent Monitor remote access tool (RAT) was deployed. The attacker also used legitimate administrative tools on the compromised host, such as PowerShell, PsExec, UltraVNC and RDP, to maintain persistence and execute payloads. While commodity malware is not as powerful or stealthy as custom-developed tools, it adds a level of anonymity to the attacks, making attribution difficult.

References:
[1] West African Financial Institutions Hit by Wave of Attacks

Ensign InfoSecurity Singapore