Symantec: Cranefly hackers using novel techniques to install malware

Symantec researchers found that Cranefly hackers have been using a novel technique to install new malware and other tools. Researchers could not see exfiltrated data because the technique hides traces of activity, but it is assumed that the group’s motivation is intelligence gathering.

Symantec researchers have found a novel technique used by Cranefly hackers to install new malware named Trojan.Danfuan and other tools. This technique ‘reads commands from seemingly innocuous Internet Information Services (IIS) logs’. Mandiant found in May 2022 that the hacker group had targeted corporate emails that contained information regarding corporate development, mergers and acquisitions, and large corporate transactions. Symantec researchers stated that the new technique hides the traces of activity on victims’ machines, and so they were unable to see exfiltrated data. However, the tools deployed to conceal the activity indicate that ‘the most likely motivation for this group is intelligence gathering’.