ID: 319b909a-cd39-4d73-89f2-e822d697c91a
STIX ID: report--319b909a-cd39-4d73-89f2-e822d697c91a
Threat Score: 75/100
Cybersecurity researchers report a campaign, ongoing since July 2023, that targets financial institutions in Africa. The actor, which Unit 42 calls CL-CRI-1014, is believed to be an initial access broker. It uses tools such as PoshC2, Chisel, Classroom Spy and MeshCentral, along with credential theft, spoofed legitimate application icons and multiple persistence mechanisms. The document also highlights Trustwave's discovery of Dire Wolf, a Golang ransomware with 16 claimed victims and capabilities to disable logging, kill services/applications and delete shadow copies.
