
A New Hacking Group Hitting Russian Companies With Ransomware

Sep 23, 2020 by iHash


As ransomware attacks against critical infrastructure continue to spike in recent months, cybersecurity researchers have uncovered a new entrant that has been actively trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers in Russia.

The ransomware gang, codenamed “OldGremlin” and believed to be a Russian-speaking threat actor, has been linked to a series of campaigns since at least March, including a successful attack on a clinical diagnostics laboratory on August 11.

“The group has targeted only Russian companies so far, which was typical for many Russian-speaking adversaries, such as Silence and Cobalt, at the beginning of their criminal path,” Singaporean cybersecurity firm Group-IB said in a report published today and shared with The Hacker News.


“Using Russia as a testing ground, these groups then switched to other geographies to distance themselves from vicious actions of the victim country’s police and decrease the chances of ending up behind bars.”

OldGremlin’s modus operandi involves using custom backdoors, such as TinyNode and TinyPosh, to download additional payloads, with the ultimate goal of encrypting files on the infected system using the TinyCryptor ransomware (aka decr1pt) and holding them hostage for about $50,000.

The operators gained their initial foothold on the network with a phishing email sent in the name of Russia’s RBC Group, a major Moscow-based media group, with “Invoice” in the subject line.


The message told the recipient that the sender had been unable to reach the victim’s colleague about an urgent bill payment, and included a malicious link to pay the bill which, when clicked, downloaded the TinyNode malware.

Once inside, the attackers used remote access to the infected computer to move laterally across the network with Cobalt Strike and harvest the domain administrator’s credentials.
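The lure chain described above (a From display name borrowing a well-known company, an “Invoice” subject line, and a link that fetches the first-stage payload) is the pattern a mail-gateway triage rule would look for. The following is an added example, not code from Group-IB or from the article: a small Python scorer run over constructed email samples. The organisation-to-domain mapping, the placeholder domain `rbc.example` (not RBC’s real domain) and the sample messages are all assumptions made for the example.

```python
"""Heuristic triage for invoice-themed phishing that impersonates a known
organisation in the From display name. Added example; all domains and
messages below are constructed placeholders."""
import re
from dataclasses import dataclass, field
from email.utils import parseaddr
from typing import Dict, List, Set
from urllib.parse import urlparse


@dataclass
class InboundMail:
    from_header: str   # raw From: header, e.g. 'RBC Group <billing@example.test>'
    subject: str
    body: str          # plain-text body


@dataclass
class Verdict:
    score: int
    reasons: List[str] = field(default_factory=list)


# Organisations commonly borrowed for a display name, mapped to the domains
# they are actually expected to send from. Constructed for the example:
# 'rbc.example' is a placeholder, not a real sending domain.
CLAIMED_SENDER_DOMAINS: Dict[str, Set[str]] = {
    "rbc": {"rbc.example"},
}

PAYMENT_WORDS = re.compile(r"\b(invoice|bill|payment|overdue|urgent)\b", re.I)
URL_RE = re.compile(r"""https?://[^\s<>"')]+""", re.I)


def _domain_of(addr: str) -> str:
    """Mail domain of an address, lower-cased; empty if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def score_lure(mail: InboundMail) -> Verdict:
    """Return a 0-3 score plus reasons; 2 or more is worth an analyst's look."""
    v = Verdict(score=0)
    display, addr = parseaddr(mail.from_header)
    sender_domain = _domain_of(addr)
    claimed = [brand for brand in CLAIMED_SENDER_DOMAINS if brand in display.lower()]

    # 1. Display name claims an organisation the sender domain does not belong to.
    for brand in claimed:
        if sender_domain not in CLAIMED_SENDER_DOMAINS[brand]:
            v.score += 1
            v.reasons.append(
                f"display name claims {brand!r} but sender domain is {sender_domain!r}")

    # 2. Subject pushes an invoice or payment, often with urgency.
    if PAYMENT_WORDS.search(mail.subject):
        v.score += 1
        v.reasons.append("invoice/payment wording in subject")

    # 3. Body carries a link whose host is neither the sender's domain nor a
    #    domain of the organisation the display name claims.
    trusted = {sender_domain}
    for brand in claimed:
        trusted |= CLAIMED_SENDER_DOMAINS[brand]
    for url in URL_RE.findall(mail.body):
        host = (urlparse(url).hostname or "").lower()
        if host and host not in trusted and not any(host.endswith("." + t) for t in trusted if t):
            v.score += 1
            v.reasons.append(f"payment link points off-domain: {host}")
            break
    return v


def demo() -> List[Verdict]:
    """Run the scorer over constructed samples: one lure, one legitimate invoice."""
    samples = [
        InboundMail("RBC Group <accounts@mail-invoice.test>", "Invoice",
                    "We could not reach your colleague. Pay here: http://pay-now.test/invoice"),
        InboundMail("RBC Group <billing@rbc.example>", "Invoice 2020-09",
                    "Your invoice is at http://rbc.example/invoices/123"),
    ]
    return [score_lure(m) for m in samples]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.score, "; ".join(verdict.reasons) or "no findings")
```

The rule deliberately scores each signal independently: a genuine invoice from the claimed domain still trips the subject check and lands at 1, while the lure pattern from the article lands at 3, so the threshold for escalation can be tuned without turning every billing email into an alert.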

In a different variant of the attack observed in March and April, the cybercriminals sent COVID-themed phishing lures, masquerading as a Russian microfinance organization, to financial enterprises in order to deliver the TinyPosh Trojan.

A separate wave of the campaign was then detected on August 19, when the cybercriminals sent out spear-phishing messages that exploited the ongoing anti-government protests in Belarus, showing once again that threat actors are adept at capitalizing on world events.

In all, OldGremlin has been behind nine campaigns between May and August, according to Group-IB.

“What distinguishes OldGremlin from other Russian-speaking threat actors is their fearlessness to work in Russia,” Oleg Skulkin, a senior digital forensics analyst at Group-IB, said.

“This indicates that the attackers are either fine-tuning their techniques benefiting from home advantage before going global, as was the case with Silence and Cobalt, or they are representatives of some of Russia’s neighbors who have a strong command of Russian.”
