Stargazer Goblin is a threat actor, active since August 2022, that operates a network of over 3,000 inauthentic GitHub accounts known as the Stargazers Ghost Network. The network distributes malware (ransomware, infostealers) such as Atlantida Stealer and Rhadamanthys, and shares malicious links. It acts as a Distribution as a Service (DaaS).
Research has shown that Stargazer Goblin's operations include using open directories to share malware and stolen data, employing freely accessible resources as a strategy to evade detection. These open directories often contain malicious tools and compromised information, which are used to expand their reach and distribute malware. Analysis of their tactics, techniques, and procedures (TTPs) indicates potential overlaps with other threat actors, suggesting shared methods within the cybercriminal ecosystem.