Hades is the work of a financially motivated hacking group named Evil Corp, also tracked under the monikers Gold Drake and Indrik Spider, which is linked to the infamous Dridex (aka Bugat) trojan as well as other ransomware strains such as BitPaymer, DoppelPaymer, WastedLocker, Phoenix, PayloadBIN, Grief, and Macaw over the past five years.

UNC2165's pivot from Hades to LockBit as a sanctions-dodging tactic is said to have occurred in early 2021.

Interestingly, FakeUpdates has also, in the past, served as the initial infection vector for distributing Dridex, which was then used as a conduit to drop BitPaymer and DoppelPaymer onto compromised systems.

A successful initial compromise is followed by a string of actions as part of the attack lifecycle, including privilege escalation, internal reconnaissance, lateral movement, and maintaining long-term remote access, before the ransomware payloads are delivered.

Mandiant said it noted further similarities between UNC2165 and an Evil Corp-connected cyber espionage activity tracked by Swiss cybersecurity firm PRODAFT under the name SilverFish, aimed at government entities and Fortune 500 companies in the E.U. and the U.S.

With sanctions increasingly being used as a means to rein in ransomware attacks, in turn barring victims from negotiating with the threat actors, adding a ransomware group to a sanctions list without naming the individuals behind it has also been complicated by the fact that cybercriminal syndicates often shutter, regroup, and rebrand under a different name to circumvent law enforcement.