07/29/2021 | News release | Distributed by Public on 07/29/2021 13:10
Emerging in-the-wild in 2013, Hancitor malware (also known as Chanitor) relies on social engineering techniques such as appearing to be from the legitimate document signing service DocuSign®. This malware deceives victims into allowing its malicious macro code to execute, thus dropping itself onto the victim's machine.
After connection with its command-and-control (C2) infrastructure, Hancitor will attempt to download a wide range of further malicious components depending on its operators' latest malicious campaign objectives.
Most recently, Hancitor has been downloading known-malware family Ficker (also known as FickerStealer) as well as a Cobalt Strike beacon payload onto victims' devices.
The BlackBerry Research & Intelligence Team has analyzed the attack methods used by this threat, and in addition to recommending basic cyber hygiene steps, strongly urges BlackBerry customers to ensure their systems have the following BlackBerry® Cyber Suite components enabled with a blocking policy to detect threats that trigger the specific rule noted below.
BlackBerry Cyber Suite and BlackBerry Guard stop these attacks.
BlackBerry customers can feel confident that our AI-driven BlackBerry Cyber Suite, as well as our Managed Detection & Response (MDR) solution BlackBerry® Guard, are well-equipped to mitigate the risks posed by threat actors utilizing malware such as Hancitor:
Prevention First
At BlackBerry, we take a prevention-first and AI-driven approach to cybersecurity. Putting prevention first neutralizes malware before the exploitation stage of the kill-chain.
By stopping malware at this stage, BlackBerry® solutions help organizations increase their resilience. It also helps reduce infrastructure complexity and streamline security management to ensure business, people, and endpoints are secure.
BlackBerry Assistance
The BlackBerry Incident Response team can work with organizations of any size and across any vertical, to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure.
For emergency assistance, please email us at [email protected], or use our handraiser form.
Learn more about the latest cybersecurity threats and threat actors in the BlackBerry 2021 Annual Threat Report.
The BlackBerry Research and Intelligence team examines emerging and persistent threats, providing intelligence analysis for the benefit of defenders and the organizations they serve.