IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks

1 year ago AndyC

Mar
09,
2023Ravie
LakshmananLinux
/
Endpoint
Security

A
previously
known
Windows-based
ransomware
strain
known
as
IceFire
has
expanded
its
focus
to
target
Linux
enterprise
networks
belonging
to
several
media
and
entertainment
sector
organiza

IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks



Mar
09,
2023Ravie
LakshmananLinux
/
Endpoint
Security


IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks

A
previously
known
Windows-based
ransomware
strain
known
as
IceFire
has
expanded
its
focus
to
target
Linux
enterprise
networks
belonging
to
several
media
and
entertainment
sector
organizations
across
the
world.

The
intrusions
entail
the
exploitation
of
a
recently
disclosed
deserialization
vulnerability
in
IBM
Aspera
Faspex
file-sharing
software
(CVE-2022-47986,
CVSS
score:
9.8),
according
to
cybersecurity
company
SentinelOne.

“This
strategic
shift
is
a
significant
move
that
aligns
them
with

other

ransomware
groups
that
also
target
Linux
systems,”
Alex
Delamotte,
senior
threat
researcher
at
SentinelOne,

said
in
a
report
shared
with
The
Hacker
News.

A
majority
of
the
attacks
observed
by
SentinelOne
have
been
directed
against
companies
located
in
Turkey,
Iran,
Pakistan,
and
the
U.A.E.,
countries
that
are
not
typically
targeted
by
organized
ransomware
crews.


IceFire
was
first
detected
in
March
2022
by
the

MalwareHunterTeam,
but
it
wasn’t
until
August
2022
that
victims
were

publicized
via
its
dark
web
leak
site,
according
to

GuidePoint
Security,

Malwarebytes,
and

NCC
Group.


IceFire Ransomware

The

ransomware
binary
targeting
Linux
is
a
2.18
MB
64-bit
ELF
file
that’s
installed
on
CentOS
hosts
running
a
vulnerable
version
of
IBM
Aspera
Faspex
file
server
software.

It’s
also
capable
of
avoiding
encrypting
certain
paths
so
that
the
infected
machine
continues
to
be
operational.


WEBINAR

Discover
the
Hidden
Dangers
of
Third-Party
SaaS
Apps

Are
you
aware
of
the
risks
associated
with
third-party
app
access
to
your
company’s
SaaS
apps?
Join
our
webinar
to
learn
about
the
types
of
permissions
being
granted
and
how
to
minimize
risk.

RESERVE
YOUR
SEAT

“In
comparison
to
Windows,
Linux
is
more
difficult
to
deploy
ransomware
against–particularly
at
scale,”
Delamotte
said.
“Many
Linux
systems
are
servers:
typical
infection
vectors
like
phishing
or
drive-by
download
are
less
effective.
To
overcome
this,
actors
turn
to
exploiting
application
vulnerabilities.”

The
development
comes
as
Fortinet
FortiGuard
Labs

disclosed
a
new
LockBit
ransomware
campaign
employing
“evasive
tradecraft”
to
avoid
detection
through
.IMG
containers
that
bypass
Mark
of
The
Web
(MotW)
protections.

Found
this
article
interesting?
Follow
us
on

Twitter


and

LinkedIn
to
read
more
exclusive
content
we
post.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

More Stories

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

13 hours ago AndyC
Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

2 days ago AndyC
Bogus npm Packages Used to Trick Software Developers into Installing Malware

Bogus npm Packages Used to Trick Software Developers into Installing Malware

2 days ago AndyC
Severe Flaws Disclosed in Brocade SANnav SAN Management Software

Severe Flaws Disclosed in Brocade SANnav SAN Management Software

3 days ago AndyC
10 Critical Endpoint Security Tips You Should Know

10 Critical Endpoint Security Tips You Should Know

3 days ago AndyC
New 'Brokewell' Android Malware Spread Through Fake Browser Updates

New ‘Brokewell’ Android Malware Spread Through Fake Browser Updates

3 days ago AndyC

You may have missed

Kaspersky boosts email security features after 77% of firms hit by cyber attacks

Kaspersky boosts email security features after 77% of firms hit by cyber attacks

47 mins ago AndyC
Multiple Brocade SANnav SAN Management SW flaws allow device compromise

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

53 mins ago AndyC
Creating new opportunities with AI-driven automation

Creating new opportunities with AI-driven automation

58 mins ago AndyC
Barracuda report explores challenges in managing cyber risks

Barracuda report explores challenges in managing cyber risks

4 hours ago AndyC
Aqua Security launches SaaS cloud security platform in Australia

Aqua Security launches SaaS cloud security platform in Australia

4 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.