Fog Ransomware Attack Employs Unusual Tools
securityweek
A recent Fog ransomware attack stands out due to the use of a series of legitimate tools previously unseen in ransomware attacks, Symantec reports.
The attack was carried out in May 2025 against a financial institution in Asia and relied on Syteca (formerly Ekran), legitimate employee monitoring software, and several open source pentesting utilities, namely GC2, Adaptix, and Stowaway.
The attackers compromised the organization’s network two weeks before deploying ransomware, and infected two Exchange servers in the process. The infection chain started with the open source penetration testing tools.
One of the utilities, GC2, can be used to execute commands using Google Sheets or Microsoft SharePoint List, and to exfiltrate data via Google Drive or Microsoft SharePoint documents. The tool was previously used by the Chinese state-sponsored hacking group APT41 in 2023.
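A hunting sketch for the cloud-service command channel described above, added here as an example and not taken from the Symantec report or from GC2 itself: it flags processes outside an allowlist that contact spreadsheet or document APIs at near-regular intervals. The hostnames, the allowlist, the thresholds and the premise that such a channel polls on a steady timer are all assumptions, and the log records are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumed hostnames for the services named above; not taken from the article.
CLOUD_API_HOSTS = {"sheets.googleapis.com", "www.googleapis.com"}
CLOUD_API_SUFFIXES = (".sharepoint.com",)
# Assumed allowlist of processes expected to talk to these services.
ALLOWED_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "onedrive.exe"}

# Constructed sample telemetry: (seconds, host, process, destination hostname).
SAMPLE_EVENTS = [
    (0, "EXCH01", "svc-update.exe", "sheets.googleapis.com"),
    (300, "EXCH01", "svc-update.exe", "sheets.googleapis.com"),
    (602, "EXCH01", "svc-update.exe", "sheets.googleapis.com"),
    (899, "EXCH01", "svc-update.exe", "sheets.googleapis.com"),
    (1201, "EXCH01", "svc-update.exe", "sheets.googleapis.com"),
    (40, "EXCH01", "svc-update.exe", "example.com"),
    (10, "WS07", "chrome.exe", "sheets.googleapis.com"),
    (310, "WS07", "chrome.exe", "sheets.googleapis.com"),
    (610, "WS07", "chrome.exe", "sheets.googleapis.com"),
    (910, "WS07", "chrome.exe", "sheets.googleapis.com"),
    (100, "FS02", "backup.exe", "contoso.sharepoint.com"),
    (130, "FS02", "backup.exe", "contoso.sharepoint.com"),
    (2000, "FS02", "backup.exe", "contoso.sharepoint.com"),
    (9000, "FS02", "backup.exe", "contoso.sharepoint.com"),
]

def is_cloud_api(dest):
    """True when dest is one of the assumed spreadsheet/document API hosts."""
    dest = dest.lower().rstrip(".")
    return dest in CLOUD_API_HOSTS or dest.endswith(CLOUD_API_SUFFIXES)

def hunt(events, min_hits=4, max_jitter=0.2):
    """Flag non-allowlisted processes that poll cloud APIs on a steady timer."""
    seen = defaultdict(list)
    for ts, host, proc, dest in events:
        if is_cloud_api(dest) and proc.lower() not in ALLOWED_PROCESSES:
            seen[(host, proc.lower(), dest.lower())].append(ts)
    findings = []
    for (host, proc, dest), stamps in sorted(seen.items()):
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Coefficient of variation of the gaps: low values mean timer-like polling.
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            findings.append({"host": host, "process": proc, "dest": dest,
                             "hits": len(stamps), "mean_gap": round(mean(gaps))})
    return findings
```

Randomized sleep intervals raise the jitter value, so the allowlist check on its own is still worth alerting on for servers such as Exchange hosts.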
The Fog attack also involved the use of Stowaway, an open source proxy utility, to deploy ...
Copyright of this story solely belongs to securityweek.