Fog ransomware hackers, known for targeting US educational institutions, are now using the legitimate employee monitoring software Syteca and several open-source pen-testing tools alongside their usual encryption.
While investigating a May 2025 attack on an unnamed financial institution in Asia, Symantec researchers observed hackers using Syteca (formerly Ekran) and several pen-testing tools, including GC2, Adaptix, and Stowaway, a behavior they found “extremely uncommon” in a ransomware attack chain.
Reflecting on the shift in Fog’s tactics, Bugcrowd’s CISO, Trey Ford, said, “We should expect the use of ordinary and legitimate corporate software as the norm—we refer to this as ‘living off the land’. Why would an attacker introduce new software, create more noise in logs, and increase the likelihood of detection when ‘allowable’ software gets the job done for them?”