Security firm Group-IB says it identified a new cybercrime group that, for the past six months, has repeatedly and intentionally targeted Russian businesses with malware and ransomware attacks.
Named OldGremlin, Group-IB says the hackers are behind targeted attacks with a new ransomware strain called TinyCryptor (aka decr1pt).
"They have been trying to target only Russian companies so far," Oleg Skulkin, Group-IB's senior DFIR analyst, told ZDNet this week.
"This is very unusual for Russian-speaking gangs who have this unspoken rule about not working within Russia and post-Soviet countries."
How attacks unfold
OldGremlin attacks usually begin with spear-phishing emails carrying malware-laced ZIP files, which will usually infect the victim org with a backdoor trojan named TinyNode. This grants the attackers an initial foothold on the company's network, where the hackers spread laterally to other systems and then deploy the ransomware in the final stage of their attacks.
Once a network is encrypted, the OldGremlin crew usually asks for around $50,000 in ransom payments using messages left on infected systems and leading back to a ProtonMail address.
Skulkin says Group-IB identified the OldGremlin group in August, but the group's attacks date back to March, with their phishing emails using a wide variety of lures, ranging from posing as journalists looking for an interview to using the anti-government rallies in Belarus as a conversation starter.
As Skulkin noted, attacks against Russian entities are rare but have happened before. Groups like Silence and Cobalt, for example, started small in Russia before expanding operations outward, to nearby countries first, and then to targets all over the world.
"If they are Russian, then it'd be unusual but not unheard of. Just a few weeks ago, we noticed an Initial Access Broker offering an RCE for a Russian bank on a Russian-speaking forum, and MagBo offers multiple webshells on Russian websites," KELA product manager Raveed Laeb told ZDNet in an interview this week.
"There is also a possibility that they're not Russian but do operate out of CIS countries - for example, anti-Russian Ukrainian nationals probably have a double incentive for attacking Russian entities, both financial and ideological," Laeb added.