
Former Conti ransomware gang members helped attack Ukraine, Google says

Shreya Christina (https://londonbusinessblog.com)

A cybercriminal group that includes former members of the infamous Conti ransomware gang is targeting the Ukrainian government and European NGOs in the region, Google says.

The details come from a new blog post from the Threat Analysis Group (TAG), a team within Google dedicated to tracking state-sponsored cyber activity.

With the war in Ukraine now more than half a year old, cyber activity, including hacktivism and electronic warfare, has been a constant presence in the background. Now TAG says profit-hungry cybercriminals are becoming more active in the area.

From April to August 2022, TAG has been tracking “an increasing number of financially motivated threat actors targeting Ukraine, whose activities are closely aligned with Russian government-backed attackers,” writes TAG’s Pierre-Marc Bureau. One of these state-backed actors has already been designated UAC-0098 by CERT, Ukraine’s National Computer Emergency Response Team. But a new analysis from TAG links it to Conti, a prolific global ransomware gang that took out the Costa Rican government in a cyberattack in May.

“Based on multiple indicators, TAG assesses that some members of UAC-0098 are former members of the Conti cybercrime group who are re-using their techniques to target Ukraine,” Bureau writes.

The group known as UAC-0098 has previously used a banking Trojan known as IcedID to launch ransomware attacks, but Google’s security researchers say it’s now shifting to campaigns that are “both politically and financially motivated”. According to TAG’s analysis, the members of this group use their expertise to act as initial access brokers – the hackers who first compromise a computer system and then sell the access to other actors interested in exploiting the target.

In recent campaigns, the group sent phishing emails masquerading as Ukraine’s cyber police to a number of organizations in the Ukrainian hospitality industry. In another case, it targeted humanitarian NGOs in Italy with phishing emails sent from the hacked email account of an Indian hotel chain.

Other phishing campaigns posed as representatives of Starlink, the satellite internet system of Elon Musk’s SpaceX. These emails provided links to malware installers disguised as software needed to connect to the Internet through Starlink’s systems.

The group linked to Conti also exploited the Follina vulnerability in Windows systems shortly after it was first made public in late May this year. In these and other attacks, it is not known exactly what actions UAC-0098 took after systems were compromised, TAG says.

Overall, the Google researchers point to a “blurring of the lines between financially motivated and government-backed groups in Eastern Europe,” an indicator of how cyber threat actors often tailor their activities to the geopolitical interests in a given region.

But it is not always a strategy that is guaranteed to win. At the start of the invasion of Ukraine, Conti paid the price for openly declaring support for Russia when an anonymous person leaked access to more than a year of the group’s internal chat logs.
