
A cyberattack on an Asian financial institution involving Fog ransomware has raised alarms among researchers due to its unusual use of employee monitoring software and espionage-like tactics.
Symantec revealed the attackers deployed Syteca — a legitimate tool used to monitor staff — alongside open-source tools like GC2, which uses Google Sheets or SharePoint for covert command and control. Such tools are rarely seen in ransomware campaigns.
Analysts noted that, unlike typical attacks, the hackers stayed in the network after deploying the ransomware, hinting at a broader objective. “This could be more than a standard ransomware attack,” said Symantec’s Brigid O Gorman.
Although the group behind the attack is unknown, it shares traits with Chinese-linked operations that use ransomware as a cover for spying. The attackers spent two weeks inside the network and wiped traces of their activity.
Fog ransomware, which first appeared in May 2024, has mainly targeted U.S. universities. This latest attack signals a shift towards more complex campaigns blending extortion with espionage.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543