Security firm Group-IB says it identified a new cybercrime group that, for the past six months, has repeatedly and intentionally targeted Russian businesses with malware and ransomware attacks.
Named OldGremlin, Group-IB says the hackers are behind targeted attacks with a new strain ransomware called TinyCryptor (aka decr1pt).
"They have been trying to target only Russian companies so far," Oleg Skulkin, Group-IB's senior DFIR analyst, told ZDNet this week.
"This is very unusual for Russian-speaking gangs who have this unspoken rule about not working within Russia and post-Soviet countries."
How attacks unfold
OldGremlin attacks usually begin with spear-phishing emails carrying malware-laced ZIP files, which will usually infect the victim org with a backdoor trojan named TinyNode. This grants the attackers an initial foothold on the company's network, where the hackers spread laterally to other systems and then deploy the ransomware in the final stage of their attacks.
Once a network is encrypted, the OldGremlin crew usually asks for around $50,000 in ransom payments using messages left on infected systems and leading back to a ProtonMail address.
Skulkin says Group-IB has identified the OldGremlin group in August, but the group's attacks date back to March, with their phishing emails using a wide variety of lures, ranging from posing as journalists looking for an interview to using the anti-government rallies in Belarus as a conversation starter.
As Skulkin noted, attacks against Russian entities are rare but have happened before. Usually, groups like Silence and Cobalt started small in Russia before expanding operations outward, to nearby countries first, and then to targets all over the world.
"If they are Russian, then it'd be unusual but not unheard of. Just a few weeks ago, we noticed an Initial Access Broker offering an RCE for a Russian bank on a Russian-speaking forum, and MagBo offers multiple webshells on Russian websites," KELA product manager Raveed Laeb, told ZDNet in an interview this week.
"There is also a possibility that they're not Russian but do operate out of CIS countries - for example, anti-Russian Ukrainian nationals probably have a double incentive for attacking Russian entities, both financial and ideological," Laeb added.
tinyurlis.gdv.gdv.htu.nuclck.ruulvis.netshrtco.detny.im
مقالات مشابه
- مزایای فروشگاه آنلاین تجهیزات پزشکی نسبت به بازار
- آموزش تقویت سئو
- شرکت صادرات و واردات کالاهای مختلف از جمله کاشی و سرامیک و ارائه دهنده خدمات ترانزیت و بارگیری دریایی و ریلی و ترخیص کالا برای کشورهای مختلف از جمله روسیه و کشورهای حوزه cis و سایر نقاط جهان - بازرگانی علی قانعی
- بهترین خدمات میزبانی وب ارزان: چگونه برای پیدا کردن حق ارائه دهنده
- مایکروسافت استخدام های موبایل آندروید مهندسی و طراحی کارشناسان از Movial
- در اولین نگاه همه جدید 2021 نیسان Rogue
- مواد شیمیایی Chronicles
- تجهیزات بیلیارد شما یک سرمایه گذاری است
- آنها بودند درخواست شده سه سوالات در مورد برج خنک کننده... این است {یک عالی|یک فوقالعاده|یک فوقالعاده|یک درس شگفتانگیز|یک عالی|یک درس عالی|یک ایدهآل|یک درس مهم
- T-Mobile این گزارش کاهش صدها نفر از مشاغل زیر $26.5 B با حداکثر سرعت دویدن ادغام - CNET