
High-profile summer attacks linked to same aggressive ransomware group


The threat group behind some of the most high-profile, identity-based cyberattacks this year is also “one of the most dangerous financial criminal groups” currently in operation, Microsoft researchers said in a Wednesday report.

The group, which Microsoft identifies as Octo Tempest and other researchers identify as Oktapus, Scattered Spider and UNC3944, uses multiple forms of social engineering to gain access to organizations’ infrastructure, steal corporate data and extort victims for ransom payments, according to Microsoft Threat Intelligence.

The collection of young, native English-speaking threat actors, which was initially observed in 2022 and became affiliated with the ransomware-as-a-service operation ALPHV (also known as BlackCat) in mid-2023, has claimed responsibility for major attacks against MGM Resorts, Caesars Entertainment and Clorox in the past few months.

Microsoft researchers said similar social-engineering techniques resulted in attacks against four Okta customers’ environments in late July and August.

While those attacks directly targeted Okta customers for the initial point of intrusion, a more recent string of attacks against Okta customer environments occurred when a threat actor used a stolen Okta support system administrator credential to access authentication tokens for customers, including BeyondTrust, Cloudflare and 1Password.

The report also pointed to the group’s recent focus on VMware ESXi servers, virtualization infrastructure that typically lacks endpoint security tooling and that has been hit by a spree of attacks this year.

The threat actors are responsible for wide-ranging campaigns using adversary-in-the-middle techniques, social engineering and SIM swapping. Industries most recently targeted for extortion include gaming, hospitality, technology, financial services, managed service providers and manufacturing, according to Microsoft.

“The well-organized, prolific nature of Octo Tempest’s attacks is indicative of extensive technical depth and multiple hands-on-keyboard operators,” Microsoft Threat Intelligence said in the report.

Microsoft joins other threat researchers in describing the group as prevalent, highly…

Source…

Conti Ransomware: The History Behind One of the World’s Most Aggressive RaaS Groups


The Conti ransomware group has become one of the most notorious cybercrime collectives in the world, known for its aggressive tactics and large scale attacks against a wide range of public and private organizations. Along with other prominent ransomware groups, Conti has underlined the importance of preparing a strong response plan to mitigate the effects of what could be an incredibly damaging blow to a company’s assets, personnel, and reputation.

But while it maintains its place as one of the most prolific ransomware gangs to exist in the cyber threat landscape, Conti has also gained a significant amount of attention in 2022 for activity related to potential internal divisions. Leaked private chats between Conti members and a fracture of the group have left observers questioning the future of the ransomers, prompting a look back on how it became such a fixture in the ransomware landscape.

Understanding this background is not only critical to your organization’s knowledge of Conti specifically, but also gives important context to ransomware threats as a whole. 

Recommended Reading: The Great Cyber Exit: Why the Number of Illicit Marketplaces Is Dwindling

The formation of Conti

Led by Russia-based threat actors, the Conti ransomware variant was first observed in or around February 2020, and the collective quickly became one of the most active groups in the ransomware space. In August 2020, months after its initial debut, the threat actors distributing Conti launched a data leak site to post confidential documents obtained by attackers. By the end of 2020 the site had leaked the data of more than 150 companies, making Conti the third most active ransomware leaker group that year, behind only “Maze” and “Egregor.”

Conti operates using a Ransomware-as-a-Service (RaaS) attack model, paying affiliates for successfully deploying the malware into an organization’s systems and opening the door for the primary threat actors to further exploit and coerce the victim during the second stage of the attack. Its attack model and structure were exposed in August 2021, when a former Conti affiliate leaked Conti training documents. The threat actor claimed that Conti exploits their…

Source…

Ransomware gangs get more aggressive against law enforcement :: WRAL.com


— Police Chief Will Cunningham came to work four years ago to find that his six-officer department was the victim of a crime.

Hackers had taken advantage of a weak password to break in and encrypt the files of the department in Roxana, a small town in Illinois near St. Louis, and were demanding $6,000 of bitcoin.

“I was shocked, I was surprised, frustrated,” Cunningham said.

Police departments big and small have been plagued for years by foreign hackers breaking into networks and causing varying levels of mischief, from disabling email systems to more serious problems such as 911 centers temporarily knocked offline. In some cases important case files have gone missing.

But things have taken a dark turn recently. Criminal hackers are increasingly using brazen methods to increase pressure on law enforcement agencies to pay ransoms, including leaking or threatening to leak highly sensitive and potentially life-threatening information.

The threat of ransomware has risen to a level that’s impossible to ignore, with hardly a day going by without news of a hospital, private business or government agency being victimized. On Saturday, the operator of a major pipeline system that transports fuel across the East Coast said it had been victimized by a ransomware attack and had halted all pipeline operations to deal with the threat.

The increasingly defiant attacks on law enforcement agencies underscore how little ransomware gangs fear repercussions.

In Washington, D.C., a Russian-speaking ransomware syndicate called Babuk hacked into the network of the city’s police department and threatened to leak the identities of confidential informants unless an unspecified ransom was paid.

A day after the initial threat was posted in late April, the gang tried to spur payment by leaking personal information of some police officers taken from background checks, including details of officers’ past drug use, finances and — in at least one incident — of past sexual abuse.

Similar threats were made recently against a small police force in Maine. The police department in Dade City, a small town…

Source…
