Some cybercriminal groups are sophisticated, create advanced schemes, cooperate with other attackers and do everything to stay under the radar. Then there are threat actors like CosmicBeetle – they lack the necessary skills set, write crude malware, yet still compromise interesting targets, and achieve “stealth” by using odd, impractical and overcomplicated techniques.
Our guest, ESET senior malware researcher Jakub Souček, talks about his investigation into CosmicBeetle’s toolkit written in Delphi, and the fact that their malware is controlled via graphical user interface (GUI) with buttons and text fields necessary to set up, control and run any attack on victims’ devices.
Discussing further with ESET Research Podcast host and Distinguished Researcher Aryeh Goretsky, Jakub shared his view of CosmicBeetle’s encryption routine, information about their victimology, and details of their “involvement” with high-profile gangs such as LockBit and RansomHub.
For details on how this crude and clumsy threat actor, whose malicious tools are “riddled with bugs”, achieved to penetrate any of its targets, listen to this ESET Research Podcast episode. To read more about activities of CosmicBeetle or other cybercriminal and state-aligned actors, follow ESET Research on X (formerly known as Twitter) and check out our latest blogposts and white papers.
If you like what you hear, subscribe for more on Spotify, Apple Podcasts, or PodBean.