GOLD GILBERT
Objectives
Aliases
Tools
SUMMARY
GOLD GILBERT is the name used by the CTU to characterize a series of intrusions in 2014 focused on billing fraud and illegitimate payment transfers. Links to other open-source reporting identify this group as involved in classic '419 scams', and in 2014/15 CTU researchers assessed with moderate confidence that the group was based in Nigeria.
Campaigns were characterized by spear phishing used to install the DarkComet and Netwire RATs. The group has used commercially available loaders/decoders, such as the AutoIT-based DataScrambler, to help these RATs evade AV detection. GOLD GILBERT appears to concentrate on purchasing staff when it can identify them, and uses forged invoices and access to legitimate email accounts to conduct fraud.