According to a recent analysis from Microsoft’s Security Threat Intelligence team, hackers used Google Ads in one campaign to spread several payloads, which resulted in the deployment of the Royal ransomware.
Microsoft is tracking the group as ‘DEV-0569’ after discovering the updated malware delivery technique in late October 2022.
“Observed DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, defense evasion, and various post-compromise payloads, alongside increasing ransomware facilitation,” Microsoft’s Security Threat Intelligence team said.
DEV-0569 relies particularly on malvertising and on phishing links embedded in spam emails, fake forum pages, and blog comments; these links lead to malware downloaders that pose as software installers or updates.
DEV-0569’s Tactics, Techniques, and Procedures (TTPs)
Researchers say the…