Wednesday, July 17, 2024

Microsoft warns one of the most dangerous cybercrime crews around has expanded its arsenal

One of the most dangerous cybercrime crews around,has expanded its arsenal to include two additional ransomware payloads, Microsoft security experts have revealed.

A thread on X/Twitter posted by cybersecurity researchers at Microsoft outlined how Octo Tempest, known for its “sophisticated social engineering techniques, identity compromise, and persistence," is now utilizing RansomHub and Qilin. 

In the thread, Microsoft’s researchers added Octo Tempest usually targets VMWare ESXi servers and looks to deploy the BlackCat ransomware - so the addition of the new payloads, which was apparently introduced in the second quarter of 2024, could be due to the fact that BlackCat is now defunct.

New, but dangerous

Earlier this year, an affiliate breached Change Healthcare and managed to extort the company for $22 million. However, the money never reached the affiliate who made the breach, and was instead picked up by BlackCat maintainers, who shut the whole operation down and disappeared.

The affiliate, which was left holding gigabytes of sensitive information, later became RansomHub, one of the two payloads now used by Octo Tempest. Even though it’s a relatively young player in the ransomware game, RansomHub is making quite a name for itself, assuming responsibility for the attacks on Christie’s, Rite Aid, and NRS Healthcare.

Microsoft added that RansomHub was observed being deployed in post-compromise activity by Manatee Tempest, following initial access by Mustard Tempest via FakeUpdates/Socgholish infections.

Microsoft first lifted the lid on Octo Tempest in October 2023, when it published an in-depth analysis of the threat actor which noted the hackers are native English, financially motivated, with extensive knowledge, plenty of experience, and zero scrupules. 

Octo Tempest was first formed in early 2022 and at the time it was oriented mostly towards selling SIM swaps and stealing accounts belonging to people rich in cryptocurrencies. A few months later, the group expanded its operations and started phishing, social engineering, as well as resetting huge amounts of passwords of hacked service providers.

More from TechRadar Pro



from TechRadar - All the latest technology news https://ift.tt/Tfq1hZ0

No comments:

Post a Comment

Elon Musk’s xAI supercomputer gets 150MW power boost despite concerns over grid impact and local power stability

Elon Musk's xAI supercomputer gets power boost amid concerns 150MW approval raises questions about grid reliability in Tennessee Lo...