Six different law firms were targeted in January and February 2023 as part of two disparate threat campaigns distributingGootLoaderandFakeUpdates(aka SocGholish) malware strains. GootLoader, active since late 2020, is a first-stage downloader that’s capable of delivering a wide range of secondary payloads such as Cobalt Strike and ransomware. It notablyemployssearch engine optimization (