GOLD ATMOSPHERE
SUMMARY
GOLD ATMOSPHERE is a financially motivated cybercriminal threat group that develops and markets the Aurora Stealer malware. Aurora first emerged in April 2022 and is marketed on underground forums and Telegram channels by multiple personas for prices ranging from 125 to 300 USD per month. Aurora consists of an administrative panel, distributed to GOLD ATMOSPHERE's customers, that generates unique builds of the malware for distribution. The panel also implements Aurora's command and control (C2) functionality, allowing it to receive stolen data from infected hosts. Threat actors can configure the panel to notify them by Telegram when high-value data, such as cryptocurrency wallets, is received. Aurora steadily gained popularity from late 2022 to mid-2023 but maintained only a small presence on credential marketplaces. CTU researchers observed a sudden drop in the volume of new Aurora samples in late April 2023. In early May 2023, GOLD ATMOSPHERE deleted the Telegram channels used to provide sales and support for Aurora and is reported to have abandoned existing customers. The future of this malware's operation presently remains unclear.