Kaspersky cautions against Bluebottle cybercrime group active in Africa

Over the past several months, the cybercrime group Bluebottle has been targeting companies in the financial sector in French-speaking African countries with a combination of spear-phishing attacks and malware, using lures centred on job opportunities, Kaspersky warned.

“The Bluebottle crew is known for tricking victims into clicking on bad attachments that unleash malware like NanoCore RAT, Cybergate, Adwind, WSH-RAT, and Houdini. They have been operating for a while now, using Dynamic DNS services to control their command and control servers,” says Sergey Lozhkin, Lead Security Researcher at Kaspersky.
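Dynamic-DNS command-and-control is one of the few concrete indicators in the warning above that a defender can check for locally. The following is an added example, not code from Kaspersky or from the report, that scans BIND-style DNS query-log lines for lookups under dynamic-DNS provider zones and counts repeated lookups per client, since a host resolving the same dynamic-DNS name over and over looks more like beaconing than a one-off visit. The provider list, the log format and the sample log lines are all constructed for the example and are assumptions; the zone list in particular is illustrative and not exhaustive.

```python
"""Flag DNS queries to dynamic-DNS zones, the kind of infrastructure
reported above as Bluebottle's command-and-control channel.
Added example; log lines and provider list are constructed."""
import re
from collections import Counter

# Illustrative, non-exhaustive list of dynamic-DNS provider zones.
# Assumption for this example: tune it to the providers seen in your own telemetry.
DYNDNS_ZONES = (
    "no-ip.com", "ddns.net", "hopto.org", "zapto.org", "sytes.net",
    "duckdns.org", "dynu.com", "myftp.biz", "serveftp.com",
)

# Constructed sample lines in a BIND-style query-log format (not real traffic).
SAMPLE_LOG = """\
02-Jan-2023 09:14:02.113 client 10.0.3.17#51342: query: update.microsoft.com IN A + (10.0.0.53)
02-Jan-2023 09:14:05.402 client 10.0.3.17#51343: query: payroll-portal.duckdns.org IN A + (10.0.0.53)
02-Jan-2023 09:14:05.911 client 10.0.3.17#51344: query: payroll-portal.duckdns.org IN A + (10.0.0.53)
02-Jan-2023 09:15:40.007 client 10.0.3.22#60211: query: mail.example-bank.ci IN MX + (10.0.0.53)
02-Jan-2023 09:16:12.550 client 10.0.3.22#60212: query: hr-jobs2023.hopto.org IN A + (10.0.0.53)
02-Jan-2023 09:17:01.003 client 10.0.3.31#41877: query: cdn.jsdelivr.net IN AAAA + (10.0.0.53)
"""

# Pulls the client address, queried name and record type out of one log line.
QUERY_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_query_log(text):
    """Yield (client_ip, qname, qtype) for every line that matches the query format."""
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m.group("client"), m.group("qname").rstrip(".").lower(), m.group("qtype")


def dyndns_zone(qname):
    """Return the dynamic-DNS zone that qname sits under, or None.

    Only true subdomains are flagged: the zone apex itself (e.g. a lookup of
    duckdns.org) is not a customer hostname and is ignored.
    """
    for zone in DYNDNS_ZONES:
        if qname != zone and qname.endswith("." + zone):
            return zone
    return None


def find_dyndns_queries(text):
    """Return [(client_ip, qname, zone)] for each query under a dynamic-DNS zone."""
    hits = []
    for client, qname, _qtype in parse_query_log(text):
        zone = dyndns_zone(qname)
        if zone:
            hits.append((client, qname, zone))
    return hits


def summarize_by_client(hits):
    """Map client_ip -> Counter of dynamic-DNS hostnames it queried.

    Repeated lookups of one name from one host are the beaconing pattern
    worth escalating; a single lookup may just be a user visiting a hobby site.
    """
    per_client = {}
    for client, qname, _zone in hits:
        per_client.setdefault(client, Counter())[qname] += 1
    return per_client


if __name__ == "__main__":
    hits = find_dyndns_queries(SAMPLE_LOG)
    for client, qname, zone in hits:
        print(f"ALERT {client} queried {qname} (dynamic-DNS zone {zone})")
    for client, counts in summarize_by_client(hits).items():
        print(client, dict(counts))
```

Matching on provider zones catches Bluebottle-style infrastructure but will also flag legitimate personal use of the same services, so the per-client counts, not the raw hit list, are the right thing to alert on. Allowlist the providers' own web properties (such as a provider's www host) if they show up, and pair this with the usual checks on the e-mail attachments the same quote describes.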

According to Kaspersky’s ‘Crimeware and financial cyberthreats in 2023’ report, companies need to look beyond the threats facing traditional financial institutions. Bluebottle reinforces this point: it targets the financial sector as a whole, so financial threats need to be assessed at the industry level rather than per institution. Whether it is Bluebottle or another cybercrime group, the common thread is the pursuit of financial profit.

“Kaspersky statistics show that there were multiple infections of GuLoader malware downloading various tools (Cobalt Strike .NET loaders) in the Central African Republic from August to October last year. However, we do not track this infection as any campaign or a group of cybercriminals,” adds Lozhkin.

Kaspersky anticipates that an increasing number of APT groups will move from Cobalt Strike to other alternatives. Cobalt Strike has drawn significant attention from defenders, and its tradecraft is now widely signatured, so attackers are likely to switch to newer frameworks such as Brute Ratel C4, Sliver, Manjusaka or Ninja, all of which offer new capabilities and more advanced evasion techniques.

Furthermore, given the current political climate, Kaspersky experts foresee a record number of disruptive and destructive cyberattacks this year, affecting both the government sector and key industries. Some of them will not be readily attributable to cyberattacks at all and will look like random accidents. This is where anti-malware protection becomes essential: it provides a second layer of defence for a computer or network once the initial lure has succeeded.

“A robust antivirus software package is the primary component of technological defences for companies in the financial sector. Well-designed antivirus protection has several characteristics. It checks any newly downloaded program to ensure that it is malware-free. It periodically scans the computer to detect and defeat any malware that might have slipped through. It is regularly updated to recognise the latest threats,” concludes Lozhkin.