Cisco’s Talos Security Intelligence and Research Group traced a Russia-hosted RIG exploit kit to a single hosting provider out of Russia. Even as Webzilla shut down RIG servers, Eurobyte would simply bring up new ones. RIG is a popular way to install spam botnets, while Angler is known more for ransomware and other types of malware installers. An unsuspecting user visits an infected website, or a site with a malicious ad, and the exploit kit then looks for vulnerabilities in the user’s browser.”]
Source: https://www.csoonline.com/article/3021553/rig-exploit-kit-takes-over-while-angler-on-vacation.html