New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises
We recently identified a new ransomware family called Charon, deployed in a targeted attack observed in the Middle East’s public sector and aviation industry. The threat actor employed a DLL sideloading technique notably similar to tactics previously documented in the Earth Baxia campaigns, which have historically targeted government sectors. The attack chain leveraged a legitimate browser-related file, Edge.exe (originally named cookie_exporter.exe), to sideload a malicious msedge.dll (SWORDLDR), which subsequently deployed the Charon ransomware payload.
To read the complete article see:
This post is licensed under CC BY 4.0 by the author.