RIG Exploit Kit Reaches All-Time High Success Rate
February 27, 2023
The RIG Exploit Kit is undergoing its most successful period, attempting roughly 2,000 intrusions daily and succeeding in about 30% of cases, the highest ratio in the service's long operational history. By exploiting relatively old Internet Explorer vulnerabilities, such as CVE-2016-0189, CVE-2019-0752, CVE-2020-0674, and CVE-2021-26411, RIG EK has been seen distributing various malware families, including Dridex, SmokeLoader, and RaccoonStealer. According to a detailed report by Prodaft, whose researchers gained access to the service's backend web panel, the exploit kit remains a significant large-scale threat to individuals and organizations.
RIG EK primarily pushes information-stealing and initial access malware, with Dridex being the most common (34%), followed by SmokeLoader (26%), RaccoonStealer (20%), Zloader (2.5%), Truebot (1.8%), and IcedID (1.4%). As a Prodaft researcher stated, “The RIG administrator had taken additional manual configuration steps to ensure that the malware was distributed smoothly. Considering all these facts, we assess with high confidence that the developer of Dridex malware has a close relationship with the RIG's admins.”