The Gootkit malware is prominently going after healthcare and finance organizations in the U.S., U.K., and Australia, according to new findings from Cybereason.
The cybersecurity firm said it investigated a Gootkit incident in December 2022 that adopted a new method of deployment, with the actors abusing the foothold to deliver Cobalt Strike and SystemBC for post-exploitation.
“The threat actor displayed fast-moving behaviors, quickly heading to control the network it infected, and getting elevated privileges in less than 4 hours,” Cybereason said in an analysis published February 8, 2023.