As technology advances, cybercriminals have become increasingly sophisticated in their attacks on businesses. One recent trend is the targeting of law firms with malware loaders such as GootLoader and FakeUpdates. These attacks are especially concerning because law firms hold sensitive and confidential client information, which makes them an attractive target.

In January and February 2023, two separate campaigns distributing the malware strains GootLoader and FakeUpdates (also known as SocGholish) targeted six different law firms, according to a disclosure by eSentire.

The eSentire disclosure is the most recent in a string of attacks that have breached targets using the Gootkit malware loader (GootLoader takes its name from the Gootkit banking Trojan it originally delivered).

GootLoader is a malware downloader that has been used in various campaigns to deliver multiple kinds of payloads, including ransomware, information stealers, and banking Trojans. It is distributed through spam emails, malvertising, and malicious websites; its hallmark is search-engine poisoning, in which compromised websites are seeded with fake forum posts offering documents such as contracts or agreements, and the visitor downloads a ZIP archive containing an obfuscated JavaScript file. The malware is designed to evade detection using fileless execution and living-off-the-land (LOTL) techniques: the JavaScript runs under the built-in Windows Script Host, and later stages are staged in the registry and executed through PowerShell rather than dropped on disk as executables. GootLoader is used as a first-stage loader that downloads and executes additional malware payloads.

FakeUpdates, by contrast, is a JavaScript-based loader that masquerades as a legitimate software update, most often a browser update, and historically lures such as Adobe Flash or Microsoft Office updates. It is typically delivered through compromised websites, malvertising, or phishing emails that prompt the user to download and run the fake updater. Once run, it profiles the host and fetches follow-on tooling; infections are used to steal sensitive information such as login credentials, personal information, and financial data. FakeUpdates is also known for its persistence, which makes it difficult to remove from infected systems.

Law firms have become prime targets for these attacks because of the sensitive and confidential nature of the information they hold: client data, financial records, intellectual property, and trade secrets. This information is highly valuable to cybercriminals, who can monetise it directly or use it to launch more targeted attacks such as spear-phishing campaigns.


Law firms should implement strong security measures against these attacks, including regular software updates, network segmentation, and employee training on cybersecurity best practices (in particular, treating unsolicited document downloads and in-browser "update" prompts with suspicion, since both loaders described here depend on a user running a downloaded script). Re-associating script file types such as .js and .jse with a text editor instead of the Windows Script Host stops a double-clicked lure from executing at all. Law firms should also consider advanced security solutions such as endpoint protection and intrusion detection systems to detect and prevent attacks, and should have a robust incident response plan so that potential breaches can be handled quickly.
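Endpoint detection for these two loaders does not need family-specific signatures: both GootLoader and FakeUpdates arrive as a JavaScript file that a user runs from a user-writable folder, the Windows Script Host (wscript.exe or cscript.exe) executes it, and the script then launches PowerShell to fetch the next stage. The following Python detector flags that parent/child chain in process-creation telemetry. It is an added example written for this article, not code from eSentire or from the original page; the pipe-delimited log format, the sample log lines, the file names and the severity scheme are all constructed assumptions.

```python
"""
Detect the script-loader execution chain shared by GootLoader and
FakeUpdates/SocGholish from process-creation telemetry.

Assumptions (not from the eSentire report): a pipe-delimited
'pid|ppid|image|cmdline' log format standing in for Sysmon Event ID 1 or
EDR process-creation events, and constructed sample lines below.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
FOLLOW_ON = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "rundll32.exe"}
# Locations a standard user can write to and where a downloaded lure lands.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(downloads|desktop|appdata\\local\\temp)\\", re.I
)
# First script-file path on the command line (jse listed before js so the lazy
# quantifier does not truncate a .jse path to .js).
SCRIPT_FILE = re.compile(r'"?([A-Za-z]:\\[^"|]+?\.(?:jse|js|wsf|vbs))\b', re.I)
ENCODED_PS = re.compile(r"\s-(?:e|ec|enc|encodedcommand)\s", re.I)

# Constructed sample telemetry (not real logs): a double-clicked GootLoader-style
# lure that spawns encoded PowerShell, a FakeUpdates-style 'Update.js' in Temp
# with no follow-on yet, and a legitimate admin script from System32 that must
# not fire.
SAMPLE_LOG = r"""
4100|800|C:\Windows\explorer.exe|C:\Windows\explorer.exe
4212|4100|C:\Windows\System32\wscript.exe|"C:\Windows\System32\wscript.exe" "C:\Users\jane\Downloads\engagement_letter_template\engagement_letter_template.js"
4230|4212|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA
5000|4100|C:\Program Files\Google\Chrome\Application\chrome.exe|"C:\Program Files\Google\Chrome\Application\chrome.exe"
5100|4100|C:\Windows\System32\wscript.exe|"C:\Windows\System32\wscript.exe" "C:\Users\jane\AppData\Local\Temp\Update.js"
6000|900|C:\Windows\System32\cscript.exe|cscript.exe //nologo C:\Windows\System32\slmgr.vbs /dli
"""


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    cmdline: str

    @property
    def name(self) -> str:
        return self.image.rsplit("\\", 1)[-1].lower()


def parse_log(text: str) -> List[Proc]:
    procs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, ppid, image, cmdline = line.split("|", 3)
        procs.append(Proc(int(pid), int(ppid), image, cmdline))
    return procs


def detect(procs: List[Proc]) -> List[Dict]:
    by_pid = {p.pid: p for p in procs}
    children: Dict[int, List[Proc]] = {}
    for p in procs:
        children.setdefault(p.ppid, []).append(p)

    findings = []
    for p in procs:
        if p.name not in SCRIPT_HOSTS:
            continue
        m = SCRIPT_FILE.search(p.cmdline)
        if not m or not USER_WRITABLE.search(m.group(1)):
            continue  # script hosts running admin scripts from system paths are routine
        script = m.group(1)
        reasons = [f"{p.name} executed {script}"]
        severity = "medium"
        parent = by_pid.get(p.ppid)
        if parent is not None and parent.name == "explorer.exe":
            reasons.append("parent is explorer.exe: consistent with a double-clicked lure")
        for child in children.get(p.pid, []):
            if child.name in FOLLOW_ON:
                severity = "high"  # script host handing off to a LOTL binary
                reasons.append(f"spawned {child.name}")
                if child.name in {"powershell.exe", "pwsh.exe"} and ENCODED_PS.search(child.cmdline):
                    reasons.append("follow-on PowerShell uses an encoded command")
        findings.append({"pid": p.pid, "script": script, "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect(parse_log(SAMPLE_LOG)):
        print(f"[{f['severity'].upper()}] pid={f['pid']} {f['script']}")
        for r in f["reasons"]:
            print("   -", r)
```

On the sample data the GootLoader-style chain is reported as high severity (script host from Downloads, then encoded PowerShell), the lone Update.js execution from Temp is reported as medium so an analyst can check it before the next stage lands, and the cscript.exe run of slmgr.vbs from System32 is ignored. The user-writable-path condition is what keeps the rule quiet on administrative scripting; tune it to the paths your own users actually download to.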

Another notable feature of the twin intrusion sets is the absence of ransomware deployment and the preference for hands-on-keyboard activity. This raises the possibility that the attackers' objectives have expanded beyond extortion to include espionage.

In conclusion, cybercriminals are increasingly targeting law firms with sophisticated malware such as GootLoader and FakeUpdates. These attacks can result in the loss of sensitive and confidential information and damage to a law firm's reputation. Law firms must proactively protect themselves from these threats through strong security measures, employee training, and a robust incident response plan. By doing so, they can mitigate the risk of cyberattacks and protect the security of their clients' information.