Active since 2015 and among the most prevalent and persistent strains of malware families since 2018, LokiBot has matured over time to target multi-sector industries. Despite its apolitical targeting of critical infrastructure, the malware’s adverse effect on the Healthcare and Public Health (HPH) sector shows its reach. In March 2020, a multi-threat actor spearphishing campaign to spread LokiBot malware with a false World Health Organization trademark image solidified its threat to the HPH sector. In addition to other malware analyses, HC3 reported on this specific cyberattack in a 2020 HC3 Sector Note on LokiBot. The malware has been widely used for years, and because of behavior changes, it takes a lot of effort to monitor. However, there are some best practices for protecting against LokiBot and managing its impact. What follows is an update to the previous HC3 analysis of LokiBot, a timeline of multi-sector targeted applications, detection strategies, sample MITRE ATT&CK techniques, indicators of compromise, and recommended defenses and mitigations against the malware.
Read the full report at HHS.gov