The Cyber Security News
Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups

March 14, 2022

A Russian-speaking ransomware group most likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups such as Iran's MuddyWater, new research has found.

The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of Cobalt Strike payloads on compromised assets, said Felipe Duarte and Ido Naor, researchers at Israeli incident response firm Security Joes, in a report published last week.


Although the infection was contained at this stage, the researchers characterized the compromise as a suspected ransomware attack.

The intrusion is said to have taken place in February 2022, with the attackers making use of post-exploitation tools such as ADFind, NetScan, SoftPerfect, and LaZagne. Also used were an AccountRestore executable to brute-force administrator credentials and a forked version of a reverse tunneling tool called Ligolo.
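Two of the observations above, the stolen credentials used as the entry point and the AccountRestore binary used to brute-force administrator credentials, leave a visible trace in authentication logs. The following detector is an added example and is not code from the Security Joes report or from this article: it parses a constructed batch of flattened Windows logon events (Event ID 4625 for failures, 4624 for successes), keeps only attempts against a watch-list of privileged accounts, and raises an alert when one source address produces a burst of failures against one account inside a sliding time window. The watch-list, the threshold of five failures, the two-minute window and the log line layout are all assumptions chosen for the example.

```python
"""Sliding-window brute-force detector for privileged-account logon failures.

Added example: the log lines, the watch-list and the thresholds below are
constructed for illustration and are not taken from the report or the article.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security events, flattened to one line each.
# 4625 = failed logon, 4624 = successful logon. Not real data.
SAMPLE_EVENTS = """\
2022-02-10T02:14:01 EventID=4625 SrcIP=10.0.5.23 TargetUser=Administrator Status=0xC000006D
2022-02-10T02:14:03 EventID=4625 SrcIP=10.0.5.23 TargetUser=Administrator Status=0xC000006D
2022-02-10T02:14:05 EventID=4625 SrcIP=10.0.5.23 TargetUser=Administrator Status=0xC000006D
2022-02-10T02:14:08 EventID=4625 SrcIP=10.0.5.23 TargetUser=Administrator Status=0xC000006D
2022-02-10T02:14:10 EventID=4625 SrcIP=10.0.5.23 TargetUser=Administrator Status=0xC000006D
2022-02-10T02:14:13 EventID=4625 SrcIP=10.0.5.23 TargetUser=Administrator Status=0xC000006D
2022-02-10T02:14:20 EventID=4624 SrcIP=10.0.5.23 TargetUser=Administrator Status=0x0
2022-02-10T02:20:00 EventID=4625 SrcIP=10.0.7.8 TargetUser=Administrator Status=0xC000006A
2022-02-10T02:31:00 EventID=4625 SrcIP=10.0.7.8 TargetUser=Administrator Status=0xC000006A
2022-02-10T02:40:00 EventID=4625 SrcIP=10.0.9.1 TargetUser=jsmith Status=0xC000006A
this line is not an event and is skipped
"""

# Assumed watch-list of privileged account names (compared case-insensitively).
PRIVILEGED_ACCOUNTS = {"administrator", "domadmin"}
DEFAULT_THRESHOLD = 5               # failures inside one window that trigger an alert (assumed)
DEFAULT_WINDOW = timedelta(minutes=2)  # sliding window length (assumed)


def parse_event(line):
    """Parse one flattened event line into a dict; return None for lines that don't fit."""
    parts = line.strip().split()
    if len(parts) < 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = {}
    for token in parts[1:]:
        if "=" not in token:
            return None
        key, value = token.split("=", 1)
        fields[key] = value
    if not {"EventID", "SrcIP", "TargetUser"} <= fields.keys():
        return None
    return {
        "ts": ts,
        "event_id": fields["EventID"],
        "src": fields["SrcIP"],
        "user": fields["TargetUser"],
        "status": fields.get("Status"),
    }


def find_bruteforce(lines, threshold=DEFAULT_THRESHOLD, window=DEFAULT_WINDOW,
                    privileged=PRIVILEGED_ACCOUNTS):
    """Return one alert per (source IP, account) pair whose densest burst of
    failures reaches `threshold` inside `window`. Also notes whether the same
    source later logged on successfully to that account, which is the pattern
    a guessed or stolen credential leaves behind."""
    failures = defaultdict(list)   # (src, user) -> list of failure timestamps
    success_seen = set()           # (src, user) pairs with a 4624 from the same source
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["user"].lower() not in privileged:
            continue
        key = (ev["src"], ev["user"].lower())
        if ev["event_id"] == "4625":
            failures[key].append(ev["ts"])
        elif ev["event_id"] == "4624":
            success_seen.add(key)

    alerts = []
    for key, stamps in failures.items():
        stamps.sort()
        start, densest = 0, 0
        # Two-pointer sweep: for each failure, count how many fall within `window` before it.
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:
                start += 1
            densest = max(densest, end - start + 1)
        if densest >= threshold:
            alerts.append({
                "src": key[0],
                "user": key[1],
                "max_in_window": densest,
                "success_seen": key in success_seen,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

On the constructed sample, only the source 10.0.5.23 trips the rule: six failures against Administrator within twelve seconds, followed by a successful logon from the same address, which is the combination worth paging on. The two spaced-out failures from 10.0.7.8 and the failure against the unprivileged jsmith account stay below the bar, and the malformed line is dropped by the parser rather than crashing the sweep. A production rule would read the same fields from the event forwarder rather than from flattened text, but the windowing logic is the part that matters.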

Dubbed Sockbot, the modified variant is a Golang binary designed to expose internal assets of a compromised network to the internet in a stealthy and secure manner. The changes made to the malware remove the need for command-line parameters and add several execution checks to avoid running multiple instances.

Given that Ligolo is a primary tool of choice for the Iranian nation-state group MuddyWater, the use of a Ligolo fork has raised the possibility that the attackers are taking tools used by other groups and adding their own signatures in a possible attempt to confuse attribution.


The links to a Russian-speaking ransomware group come from artifact overlaps with common ransomware toolkits. Furthermore, one of the deployed binaries (AccountRestore) has hard-coded references in Russian.

"The approach employed by threat actors to access and pivot over the victim's infrastructure lets us see a persistent, sophisticated enemy with some programming skills, red teaming experience and a clear goal in mind, which is far from the usual script kiddie profile," the researchers said.

"The fact that the entry point for this intrusion was a set of compromised credentials reaffirms the relevance of implementing additional access controls for all the different assets in any organization."



Some components of this post are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.