| SYMBOL | COMMON_NAME | aka. SYNONYMS |
CosmicBeetle is a threat actor known for deploying the ScRansom ransomware, which has replaced its previous variant, Scarab. The actor utilizes a custom toolset called Spacecolon, consisting of ScHackTool, ScInstaller, and ScService, to gain initial access through RDP brute forcing and exploiting vulnerabilities like CVE-2020-1472 and FortiOS SSL-VPN. CosmicBeetle has been observed impersonating the LockBit ransomware gang to leverage its reputation and has shown a tendency to leave artifacts on compromised systems. The group primarily targets SMBs globally, employing techniques such as credential dumping and data destruction.
| 2024-09-10
⋅
ESET Research
⋅
CosmicBeetle steps up: Probation period at RansomHub Scarab Ransomware SpaceColon CosmicBeetle |