Monero Stealer “Outlaw Hacker Group” Reemerges After Long Silence


A cybersecurity firm Trend Micro has rediscovered the comeback of Outlaw Hacker Group after their previous analysis in June 2019. According to a report, this hacker group was earlier discovered to be using a botnet attacking strategy to mine cryptocurrency on victims’ computers.

The Trend Micro came across them and captured their mode of operation after observing their setup honeypot had detected a URL spreading botnets with an element associated with their previous attacks including the Perl-based backdoor components and SSH backdoor. They were said to be in their early stage of operation using China as their test ground. Since then, they had been in a long silence until December 2020.

Outlaw hacker group

Image Source:

The cybersecurity researchers noticed the activity of the Outlaw hacker group in December 2019 with more upgraded capabilities of their tools. This means they went dormant to develop their toolkits for a more dangerous attack as claimed by the report published by the Trend Micro. Their capability updates will see improved evasion techniques for scanning activities, expanded scanner parameters and targets, looped execution of files via error messages and improved mining profits which will be done by overcoming the competition and improving upon their previous miners.

Trend Micro set up a honeypot that got the attention of the hacker group, giving them a fair idea of how they operate. After a comprehensive analysis, it was agreed that the Outlaw hacker group actually upgraded their toolkits to go after both their old and new targets and enterprises that have not updated their systems. They may also go ahead to test their tools as they did some months ago. The researchers analyzed the obtained data and realized that the samples trace to 456 unique IP addresses. From this, it is obvious that they have upgraded their tools and will possibly lead an unexpected way of attack. They are expected to come after companies in the coming months according to the Trend Micro researchers.

Based on the analyzed sample, the Outlaw hacker group will be a threat to vulnerable servers and Internet of Things (IoT) devices, and Linux- and Unix- operating systems by taking advantage of available exploits and known vulnerabilities. The Outlaw hacker group used files making use of PHP based web shell to launch an attack on systems with weak Telnet credentials and SSH. Though there were multiple attacks on the networks launched by the Outlaw hacker group, there was no evidence of using Phishing or Social engineering in the campaign. The multiple attacks involved large scale scanning operation of IP ranges.

According to the analysis, this was launched from the command and control server. The Outlaw hacker group has carefully designed the toolkit in a way that can hide the activities if they notice the period of their operation coincides with the business hours of their target. This was mixed with script kiddie activities according to the report, and this can be mistaken for a grey noise online. This is actually an obfuscation technique as used by a number of malware developers. 

From the analysis, it was boldly stated that the Outlaw hacker group targets companies with internet-facing systems that have no monitoring and traffic activities, as well as companies that are yet to patch their systems. It was also said that the Outlaw hacker group will definitely infect a lot of companies anytime there is a patch released and waiting for downloads. This is because of the resources involved in running a complete patch of systems since some companies will consider the downtime for operation whiles others become hesitant in updating all their systems at the same time.

The Outlaw hacker group uses a lot of IP addresses as the input of scanning activities. These are grouped into countries to give them the edge to launch an attack on a region within a period of the year. They have upgraded the tools and mode of operation in diverse ways.

Outlaw Hacker Group

Image Source:

The report established that their grouping strategy will give them a clear idea of the region they attack and be able to avoid prosecution by not attacking some countries depending on the Laws in Europe. The Trend Micro researchers assured that they will continue to monitor the activity on the Outlaw hacker group on industries in the US and Europe.

It was recommended that enterprises invest in security tools that can defend against malicious bot-related activities through the cross generational-blend of threat defense techniques. It is important for companies to devote time to patch their systems to avoid incurring the larger cost, reputational damages, and a length downtime after being hit. Many other hacker groups are in operation with others still in their early stage of testing their tools, calling for the need to avoid being hesitant when it comes to putting cybersecurity measures in place.

Source: Trend Micro

Disclaimer: does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation to the reliance on or usage of any content, goods or services mentioned in this article.

Tags: #Deep_Web_directories #Hidden_Wiki_Links #Deep_Web_Links_and_Web_Sites #Dark_Web_Links #Best_Dark_web_Websites


Please enter your comment!
Please enter your name here