VERY IMPORTANT

During the period between January 15 and 20, Morphisec identified a significant campaign targeting multiple German customers from the manufacturing industry. Targeted personnel were redirected to compromised websites that were, and still are, delivering advanced fileless downloaders that eventually lead to an Osiris client with a bundled mini-Tor communicating to a C2 onion Tor panel. Following an additional investigation and sharing some of the TTPs with the community, we were notified of additional targeted countries such as the United States and Korea, which were delivered REvil and other payloads using the same delivery mechanism as described in the report.