Chris Clements, VP of Solutions Architecture at Cerberus Sentinel, explains how the Ramsay spy framework was built to subvert air-gapped defenses
Ramsay Spy Framework Built To Subvert Air-Gapped Defenses
May 15, 2020
“The Ramsay malware has all the hallmarks of a state-sponsored intelligence operation. It has capabilities to restrict its behavior to specific targets, which are typically not seen in general cybercrime malware built to infect indiscriminately.”
Furthermore, “It’s designed to spread itself onto air-gapped computers, which are found in the highest security networks such as those used by militaries and other intelligence organizations… The presence of Korean language metadata and code similarities to the Retro malware strain by the DarkHotel group could indicate that the South Korean government is involved in Ramsay’s creation, although attribution is fraught in these instances, as false-flag operations are techniques that can be used by intelligence agencies.” – Chris Clements