Security firm Group-IB says it identified a new cybercrime group that, for the past six months, has repeatedly and intentionally targeted Russian businesses with malware and ransomware attacks.
Named OldGremlin by Group-IB, the hackers are behind targeted attacks using a new ransomware strain called TinyCryptor (aka decr1pt).
"They have been trying to target only Russian companies so far," Oleg Skulkin, Group-IB's senior DFIR analyst, told ZDNet this week.
"This is very unusual for Russian-speaking gangs who have this unspoken rule about not working within Russia and post-Soviet countries."
How attacks unfold
OldGremlin attacks usually begin with spear-phishing emails carrying malware-laced ZIP files, which will usually infect the victim org with a backdoor trojan named TinyNode. This grants the attackers an initial foothold on the company's network, where the hackers spread laterally to other systems and then deploy the ransomware in the final stage of their attacks.
Once a network is encrypted, the OldGremlin crew usually asks for around $50,000 in ransom payments using messages left on infected systems and leading back to a ProtonMail address.
Skulkin says Group-IB identified the OldGremlin group in August, but the group's attacks date back to March. Their phishing emails have used a wide variety of lures, ranging from posing as journalists looking for an interview to using the anti-government rallies in Belarus as a conversation starter.
As Skulkin noted, attacks against Russian entities are rare but have happened before. Historically, groups like Silence and Cobalt started small in Russia before expanding operations outward, first to nearby countries and then to targets all over the world.
"If they are Russian, then it'd be unusual but not unheard of. Just a few weeks ago, we noticed an Initial Access Broker offering an RCE for a Russian bank on a Russian-speaking forum, and MagBo offers multiple webshells on Russian websites," KELA product manager Raveed Laeb told ZDNet in an interview this week.
"There is also a possibility that they're not Russian but do operate out of CIS countries - for example, anti-Russian Ukrainian nationals probably have a double incentive for attacking Russian entities, both financial and ideological," Laeb added.