Royal Ransomware Uses Callback Phishing To Carry Out Attacks

December 22, 2022

The group behind the Royal ransomware family was discovered targeting entities across multiple countries with most infections occurring in the United States, Brazil, and Mexico. Phishing emails along with social engineering were used to convince victims to install remote access software allowing the threat actor to gain control of the system. Various malware and open-source tools were used during the attacks including QakBot, Cobalt Strike, PCHunter, PowerTool, GMER, and Process Hacker.
Subscribe