Researchers at ESET have identified a new espionage-focused threat actor, which they have dubbed FamousSparrow. According to ESET, the group is a newcomer in the cyber-espionage space but has been active since at least 2019, and it is likely behind numerous attacks on governments, law firms, engineering firms, and organizations in the hospitality sector. Its victims span Europe, the Americas, Asia, and other regions.
ESET's telemetry indicates that FamousSparrow operates independently of other active APT groups, although some overlaps with them were observed. What makes the group notable is that it was among the actors exploiting ProxyLogon, the chain of zero-day vulnerabilities in Microsoft Exchange Server that was used to compromise Exchange servers worldwide in March 2021. More broadly, advanced persistent threat groups continue to target internet-facing applications, including Microsoft SharePoint and Oracle Opera.
CISA has shared details on the Conti ransomware group and its affiliates with the cybersecurity community. According to data collected by CISA together with the FBI, the Conti group has been responsible for more than 400 ransomware attacks against organizations in the US and abroad. CISA notes that although Conti follows a ransomware-as-a-service model, it applies it differently from most other groups: instead of paying affiliates a share of the ransom proceeds, the group pays the operators who deploy the ransomware a fixed wage.
The Conti ransomware group primarily targets critical infrastructure entities. The tools and techniques it uses to gain initial access include remote monitoring and management (RMM) software, remote desktop software, and spear-phishing campaigns. In the spear-phishing campaigns, the group mostly relies on tailored emails carrying malicious links or attachments.
The US Treasury has added the cryptocurrency exchange SUEX to its sanctions list, accusing it of facilitating ransomware payments for numerous groups. Although SUEX is incorporated in the Czech Republic, it operates from Russia. According to the Treasury's estimates, around 40% of the transactions processed on the exchange are linked to "illicit actors". Under the sanctions, all property and interests in property of the designated entity are blocked, and US persons are prohibited from engaging in transactions with it.
The Treasury's Office of Foreign Assets Control has also issued a separate advisory update reminding ransomware victims of the risks associated with paying ransoms to cybercriminals. In particular, the government may impose civil penalties on organizations that make payments to entities on the sanctions list, such as Evil Corp. The update also stresses the importance of ransomware victims promptly reporting incidents to the relevant government bodies.
The upcoming acquisition of CipherTrace by Mastercard is a clear example of how partnerships between payment giants and crypto firms are needed to advance digital asset innovation. Institutional interest in virtual assets, including cryptocurrencies, keeps growing, which shows that these assets are here to stay. At the same time, traditional financial institutions are beginning to recognize the importance of integrating virtual assets into their agenda. Mastercard and VISA are actively entering into partnerships with crypto organizations to improve security and increase users' trust in transactions involving virtual assets.
Ajay Bhalla, Mastercard's president of cyber and intelligence, noted that customers and partners expect the same convenient experience when working with digital assets as they get with traditional payment methods. The acquisition of CipherTrace will strengthen Mastercard's ability to identify, detect, and prevent money laundering and fraud. Financial institutions that already support virtual assets will need to accommodate them properly if the crypto payments segment is to keep growing.
The Canadian voice-over-IP provider VoIP.ms has been hit by a massive and sustained DDoS attack that threatens serious damage to the company. Its services have been disrupted since 17 September. According to the news service Bleeping Computer, the threat actor initially demanded 1 BTC to stop the attack and later raised the demand to 100 BTC. The notice posted on the company's site states that the attack is targeting VoIP.ms's website and its point-of-presence (PoP) servers.
The company has already restored its SMS and MMS services, conference recording, and call recordings, which are now fully functional. VoIP.ms operates 23 servers in Canada and 42 servers in the USA to serve its phone customers. The attack on the Canadian provider confirms that the groups and individuals behind extortion-driven DDoS attacks remain a serious threat to businesses.