The Water Scylla attack exploits compromised websites and the Keitaro Traffic Distribution System (TDS) to distribute SocGholish malware, tricking users into downloading fake browser updates. Once executed, SocGholish facilitates data theft, persistence, and lateral movement within the network. Attackers leverage PowerShell scripts and credential theft tools to escalate privileges and gain deeper access. Ultimately, RansomHub ransomware is deployed, encrypting files and demanding payment. The campaign primarily targets organizations worldwide, with a focus on the US, Japan, and Taiwan.
What’s new on HivePro
Get through updates and upcoming events, and more directly in your inbox