Fake Windows Update Masks Major Data Theft

Mad Liberator: A New Cyber Threat Emerges

In July, a new extortion group calling itself Mad Liberator surfaced. It combines the Anydesk remote-access program with social engineering to get into company systems, steal data, and demand a ransom.

Sophos researchers recently described the group's methods, based on an incident they investigated.

Unlike typical ransomware operators, Mad Liberator does not focus on encrypting files. It steals data and threatens to leak it, and it runs a leak site where stolen data is published unless the ransom is paid.

Mad Liberator gets in through Anydesk, a remote-management tool that many organizations' IT teams already use. The attacker sends an unsolicited connection request, and the victim accepts it, assuming it comes from their own IT department. An unannounced Anydesk prompt is exactly what this attack looks like, so requests nobody asked for should be refused and reported. Once connected, the attacker launches a fake Windows update screen.

While the user waits on the phony update, the attackers browse OneDrive storage and files on the company's server and siphon confidential data out through Anydesk's built-in file transfer feature. They also run Advanced IP Scanner to enumerate other devices on the network, although in the case analyzed they stayed on the initial machine and left other potentially valuable systems untouched.
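As an added example (not Sophos's analysis tooling or anything the group uses), the following Python script triages an AnyDesk connection trace for inbound sessions that do not come from known IT helpdesk client IDs or that arrive outside business hours, which is the pattern of the initial access described above. It assumes the connection_trace.txt layout of tab-separated columns: direction, timestamp, authentication method, remote client ID, local client ID. The log lines and the helpdesk ID allowlist are constructed for the example.

```python
"""Triage an AnyDesk connection trace for unsolicited inbound sessions.

Added example, not code from Sophos or from the Mad Liberator case.
Assumed connection_trace.txt layout (one session per line, tab-separated):
    direction   "YYYY-MM-DD, HH:MM"   auth method   remote client ID   local client ID
"auth method" is "User" when the logged-on user clicked Accept on the prompt,
which is the path social engineering exploits.
"""
import re
from dataclasses import dataclass
from datetime import datetime, time
from typing import Iterable, List, Set, Tuple

# Constructed sample trace: three inbound sessions and one outbound session.
SAMPLE_TRACE = (
    "Incoming\t2024-07-08, 09:12\tUser\t123456789\t987654321\n"
    "Incoming\t2024-07-09, 21:47\tUser\t555000111\t987654321\n"
    "Outgoing\t2024-07-09, 21:50\tPasswd\t987654321\t444222333\n"
    "Incoming\t2024-07-10, 10:05\tToken\t123456789\t987654321\n"
)

# Hypothetical allowlist: AnyDesk client IDs belonging to the internal IT helpdesk.
IT_HELPDESK_IDS: Set[str] = {"123456789"}

# Assumed working hours for the "outside business hours" check.
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)

# Columns are tab-separated in the assumed layout; also accept runs of two or more
# spaces so a trace pasted from a console still parses. The timestamp contains a
# single space, so a single space never acts as a separator.
_SPLIT = re.compile(r"\t+| {2,}")


@dataclass
class Connection:
    direction: str   # "Incoming" or "Outgoing"
    when: datetime   # session start, minute precision
    auth: str        # "User", "Passwd" or "Token"
    remote_id: str   # AnyDesk ID of the other side
    local_id: str    # AnyDesk ID of this host


def parse_trace(text: str) -> List[Connection]:
    """Parse the trace text into Connection records, skipping blank lines."""
    records: List[Connection] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        parts = [p.strip() for p in _SPLIT.split(line.strip())]
        if len(parts) != 5:
            raise ValueError(f"line {lineno}: expected 5 columns, got {len(parts)}")
        direction, stamp, auth, remote_id, local_id = parts
        when = datetime.strptime(stamp, "%Y-%m-%d, %H:%M")
        records.append(Connection(direction, when, auth, remote_id, local_id))
    return records


def suspicious_sessions(
    conns: Iterable[Connection],
    allowlist: Set[str] = IT_HELPDESK_IDS,
) -> List[Tuple[Connection, List[str]]]:
    """Return inbound sessions with the reasons they merit a closer look.

    Only inbound sessions are examined, because that is the direction an
    attacker connecting to a victim appears as on the victim's host.
    """
    flagged: List[Tuple[Connection, List[str]]] = []
    for c in conns:
        if c.direction != "Incoming":
            continue
        reasons: List[str] = []
        if c.remote_id not in allowlist:
            reasons.append("remote client ID is not on the IT helpdesk allowlist")
        if not (BUSINESS_START <= c.when.time() < BUSINESS_END):
            reasons.append("session started outside business hours")
        if reasons and c.auth == "User":
            reasons.append("accepted interactively by the logged-on user")
        if reasons:
            flagged.append((c, reasons))
    return flagged


if __name__ == "__main__":
    for conn, why in suspicious_sessions(parse_trace(SAMPLE_TRACE)):
        stamp = conn.when.strftime("%Y-%m-%d %H:%M")
        print(f"{stamp}  from {conn.remote_id} ({conn.auth}): " + "; ".join(why))
```

On the constructed sample, only the 21:47 session from the unknown ID 555000111 is reported; the two helpdesk sessions and the outbound session pass. The allowlist and business hours are the parameters to adapt; a file-transfer session to an unknown ID during the flagged window is the follow-up to check for.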

The whole intrusion lasted almost four hours. At the end the attackers closed the fake update screen and ended the Anydesk session, returning control to the victim. Because the fake-update program was launched by hand and had no persistence mechanism, it does not run again after a reboot; it simply remains on disk as an inert file until it is found and removed.
