March 17, 2022 06:13 pm

Google Discovers Threat Actor Working as an 'Initial Access Broker' for Conti Ransomware Hackers

Google's Threat Analysis Group has observed a financially-motivated threat actor working as an intermediary for Russian hackers, including the Conti ransomware gang. From a report: The group, which Google refers to as "Exotic Lily," acts as an initial access broker, finding vulnerable organizations and selling access to their networks to the highest bidder. By contracting out the initial access to a victim's network, ransomware gangs like Conti can focus on the execution phase of an attack. In the case of Exotic Lily, this initial access was gained through email campaigns, in which the group masqueraded as legitimate organizations and employees through the use of domain and identity spoofing. In the majority of cases, a spoofed domain was nearly identical to the real domain name of an existing organization, but changed the top-level domains to ".us," ".co" or ".biz." In order to appear as legitimate employees, Exotic Lily set up social media profiles and AI-generated images of human faces. The attackers, who Google believes are operating from Central or Eastern Europe due to the threat actors' working hours, would then send spear-phishing emails under the pretext of a business proposal, before ultimately uploading a payload to a public file-sharing service such as WeTransfer or Microsoft OneDrive.
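A defensive check for the TLD-swap pattern described above, as an added example that is not part of the original report: it compares sender domains against a list of organizations you actually correspond with and flags the same name under a different top-level domain. The domains, function names and the last-label TLD split are assumptions made for illustration.

```python
# Added example: flag sender domains that reuse a trusted organization's name
# under a different top-level domain. All domains below are constructed samples.

# TLDs the report names as used for the spoofed domains.
REPORTED_TLDS = {"us", "co", "biz"}

def split_domain(domain):
    """Return (name, tld), treating the last label as the TLD.

    Assumption: multi-label suffixes such as "co.uk" are not handled; a
    production check should use a public-suffix list instead.
    """
    labels = domain.strip().rstrip(".").lower().split(".")
    if len(labels) < 2 or not all(labels):
        return None
    return labels[-2], labels[-1]

def classify(address, trusted_domains):
    """Return 'trusted', 'tld-swap-reported', 'tld-swap-other' or 'unrelated'."""
    parts = split_domain(address.rsplit("@", 1)[-1])
    if parts is None:
        return "unrelated"
    name, tld = parts
    trusted = {p for d in trusted_domains if (p := split_domain(d))}
    if (name, tld) in trusted:
        return "trusted"
    if any(name == t_name for t_name, _ in trusted):
        # Same organization name, different TLD: the pattern in the report.
        return "tld-swap-reported" if tld in REPORTED_TLDS else "tld-swap-other"
    return "unrelated"

def scan(senders, trusted_domains):
    """Classify every sender address; returns {address: verdict}."""
    return {s: classify(s, trusted_domains) for s in senders}

# Constructed sample data, not taken from the report.
TRUSTED = ["example-corp.com", "partner-firm.org"]
SAMPLE_SENDERS = [
    "alice@example-corp.com",
    "alice@mail.example-corp.us",
    "bob@partner-firm.biz",
    "carol@partner-firm.net",
    "dave@unrelated-shop.co",
]

if __name__ == "__main__":
    for sender, verdict in scan(SAMPLE_SENDERS, TRUSTED).items():
        print(f"{verdict:18} {sender}")
```

A "tld-swap-other" verdict is still worth reviewing, since the same organization name under any unexpected TLD is unusual for an established correspondent.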



Original Link: https://it.slashdot.org/story/22/03/17/1813219/google-discovers-threat-actor-working-as-an-initial-access-broker-for-conti-ransomware-hackers?utm_sour


Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc.
