Operators of the SolarMarker information-stealing malware, also known as Jupyter Infostealer, Yellow Cockatoo, Deimos, and Polyzert, have bolstered defenses against law enforcement crackdown operations through a multi-tiered infrastructure, reports The Hacker News.
The infrastructure consists of four layers of interconnected command-and-control servers: two serve the infostealer's active operations, and two others have been used in campaigns against various sectors, including government, healthcare, education, and small and medium-sized enterprises, according to a report from Recorded Future's Insikt Group.
“The Tier 4 server is considered the central server of the operation, presumably used for effectively administering all downstream servers on a long-term basis. Although the precise purpose of this server remains unknown, we speculate that it is used for monitoring, possibly serving as a health check or backup server,” said researchers.
The findings follow an eSentire report that SolarMarker attacks delivered the SolarPhantom backdoor, as well as an earlier Morphisec study that associated the infostealer with Russian threat actors.