Fog ransomware hackers, known for targeting US educational institutions, are now using the legitimate employee monitoring software Syteca and several open-source pen-testing tools alongside the usual encryption.
While investigating a May 2025 attack on an unnamed financial institution in Asia, Symantec researchers observed hackers using Syteca (formerly Ekran) and several pen-testing tools, including GC2, Adaptix, and Stowaway, a behavior they found “highly unusual” in a ransomware attack chain.
Reflecting on the shift in Fog’s tactics, Bugcrowd’s CISO, Trey Ford, said, “We should expect the use of ordinary and legitimate corporate software as the norm—we refer to this as ‘living off the land’. Why would an attacker introduce new software, create more noise in logs, and increase the likelihood of detection when ‘allowable’ software gets the job done for them?”