The Cuba ransomware group has claimed an attack on Montenegro’s government, which said last week that it was experiencing Russia-linked cyber attacks.
It claimed to have obtained the files belonging to the Montenegrin government’s Division for Community Relations on 19 August 2022.
The files allegedly contained data such as financial documents, correspondence with bank employees, balance sheets, tax documents, compensation, and source code.
IT Pro has not been able to verify the legitimacy of the files because Cuba’s download link appears to be broken at the time of writing.
Montenegro’s Agency for National Security (ANB) stated on Saturday that it was “under a hybrid war at the moment”, days after its public administration minister tweeted that “certain services” had been taken offline amid ‘multiple’ cyber attacks.
The minister, Maras Dukaj, on Thursday also likened the “series of cyber attacks” to those sustained in 2015 and 2016 in the region.
Dukaj did not explicitly specify which attacks he was referring to, but he may have been referring to the Russia-linked cyber attacks targeting the country before it joined NATO in 2017.
The Montenegrin ANB website is also currently unreachable at the time of writing, as is the site for the Office for Public Relations, which Cuba has claimed to have successfully breached.
Montenegro was once regarded as a pro-Russia ally, but since it joined NATO in 2017 it has been considered an enemy of the nation that’s now invading Ukraine.
Russia also added Montenegro to its list of ‘enemy states’ along with other Western allies such as the UK and other nations that publicly oppose the Kremlin’s ambitions.
“Coordinated Russian services are behind the cyber attack,” the ANB said in a statement to Associated Press. “This kind of attack was carried out for the first time in Montenegro and it has been prepared for a long period of time.”
Government official Dusan Polovic said, “I can say with certainty that this attack that Montenegro is experiencing these days comes directly from Russia.”
The cyber attacks appear to be targeting a broad range of public entities in the country, including government services and the transportation and telecommunications sectors, its government said.
A number of the government’s servers have been targeted but the attacks so far have not resulted in any damage or data loss.
Who is behind the Cuba ransomware gang?
Very few cyber security companies have been confident enough to attribute the ransomware organisation to a specific country; however, Profero is one that has linked it to Russia.
The company said it has observed the Russian language on the group’s website and during its negotiations with victims.
Cuba’s current ransomware leak site is written entirely in English, though some minor spelling and grammar mistakes can be seen.
The US Federal Bureau of Investigation (FBI) said in a 2021 report that the group had compromised at least 49 organisations, including targets operating critical infrastructure, netting nearly $50 million (£43 million) in revenue.
The double extortion ransomware group is thought to have targeted organisations in Europe, North and South America, and Asia in the past, and experienced a resurgence between March and April 2022, according to Trend Micro.
Cuba ransomware is often delivered as a final-stage payload in cyber attacks involving the Hancitor malware downloader in email-based attack campaigns.
Additional tools commonly associated with these attacks are the Mimikatz credential-stealing malware and the oft-abused Cobalt Strike penetration testing toolkit.
Some parts of this article are sourced from:
www.itpro.co.uk