The threat actors associated with the Gootkit malware have made “notable changes” to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant ismonitoringthe activity cluster under the monikerUNC2565, noting that the usage of the malware is “exclusive to this group.” Gootkit, also called Gootloader, is spread through compromised websites that