June 12, 2025 By Jonathan Greig
A cyberattack on a financial institution in Asia last month featuring the Fog ransomware has made a splash among researchers and incident responders due to the unusual tools and tactics involved.
Researchers at Symantec said the hackers used a legitimate employee monitoring software called Syteca — something they have never seen in a ransomware attack before. The actors also used several open-source pentesting tools that are also not typically deployed in advance of ransomware deployment.
Brigid O Gorman, senior intelligence analyst at Symantec, told Recorded Future News that they did not have enough evidence to link the attack to any specific nation state. But O Gorman said the “slightly unusual elements of this attack — the use of unusual tools, and establishing persistence after the ransomware is deployed — point to it being more than just a 'usual' ransomware attack.”
