CISA Alert: LokiBot Malware

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert about the LokiBot malware, which it notes it has observed a notable increase in the use of by malicious cyber actors since July 2020. According to the alert, LokiBot uses a credential- and information-stealing malware, often sent as a malicious attachment and known for being simple, yet effective, making it an attractive tool for a broad range of cyber actors across a wide variety of data compromise use cases. The alert provides technical details of LokiBot, including its techniques described in terms of the MITRE ATT&CK framework. It also offers recommend measures for federal, state, local, tribal, territorial government, private sector users, and network administrators to strengthen the security posture of their organization’s systems. Read the advisory at CISA.