
Fog ransomware gang abuses employee monitoring tool in uncommon multi-stage attack




Fog ransomware hackers, known for targeting US educational institutions, are now using the legitimate employee monitoring software Syteca and several open-source pen-testing tools alongside the usual encryption.

While investigating a May 2025 attack on an unnamed financial institution in Asia, Symantec researchers observed hackers using Syteca (formerly Ekran) and several pen-testing tools, including GC2, Adaptix, and Stowaway, a behavior they found “extremely uncommon” in a ransomware attack chain.

Reflecting on the shift in Fog’s tactics, Bugcrowd’s CISO, Trey Ford, said, “We should expect the use of ordinary and legitimate corporate software as the norm—we refer to this as ‘living off the land’. Why would an attacker introduce new software, create more noise in logs, and increase the likelihood of detection when ‘allowable’ software gets the job done for them?”