caution

Ehemalige Mitglieder der Conti-Ransomware-Bande halfen bei der Bekämpfung der Ukraine, sagt Google

Teilen:

Ein Blog der Threat Analysis Group beschreibt die Taktiken eines mit Russland verbundenen Bedrohungsakteurs

A cybercriminal group containing former members of the notorious Conti ransomware gang is targeting the Ukrainian government and European NGOs in the region, Google says.

The details come from a new blog post from the Threat Analysis Group (TAG), a team within Google dedicated to tracking state-sponsored cyber activity.

With the war in Ukraine having lasted more than half a year, cyber activity including hacktivism und electronic warfare has been a constant presence in the background. Now, TAG says that profit-seeking cybercriminals are becoming active in the area in greater numbers.

From April through August 2022, TAG has been following “an increasing number of financially motivated threat actors targeting Ukraine whose activities seem closely aligned with Russian government-backed attackers,” writes TAG’s Pierre-Marc Bureau. One of these state-backed actors has already been designated by CERT — Ukraine’s national Computer Emergency Response Team — as UAC-0098. But new analysis from TAG links it to Conti: a prolific global ransomware gang that shut down the Costa Rican government with a cyberattack in May.

“TAG assesses some members of UAC-0098 are former members of the Conti cybercrime group repurposing their techniques to target Ukraine”

“Based on multiple indicators, TAG assesses some members of UAC-0098 are former members of the Conti cybercrime group repurposing their techniques to target Ukraine,” Bureau writes.

The group known as UAC-0098 has previously used a banking Trojan known as IcedID to carry out ransomware attacks, but Google’s security researchers say it is now shifting to campaigns that are “both politically and financially motivated.” According to TAG’s analysis, the members of this group are using their expertise to act as initial access brokers — the hackers who first compromise a computer system and then sell off access to other actors who are interested in exploiting the target.

Recent campaigns saw the group send phishing emails to a number of organizations in the Ukrainian hospitality industry purporting to be the Cyber Police of Ukraine or, in another instance, targeting humanitarian NGOs in Italy with phishing emails sent from the hacked email account of an Indian hotel chain.

Other phishing campaigns impersonated representatives of Starlink, the satellite internet system operated by Elon Musk’s SpaceX. These emails delivered links to malware installers disguised as software required to connect to the internet through Starlink’s systems.

The Conti-linked group also exploited the Follina vulnerability in Windows systems shortly after it was first publicized in late May of this year. In this and other attacks, it is not known exactly what actions UAC-0098 has taken after systems have been compromised, TAG says.

Overall, the Google researchers point to “blurring lines between financially motivated and government backed groups in Eastern Europe,” an indicator of the way cyber threat actors often adapt their activities to align with the geopolitical interests in a given region.

But it’s not always a strategy guaranteed to win. At the start of the Ukraine invasion, Conti paid the price for openly declaring support for Russia when an anonymous individual leaked access to over a year’s worth of the group’s internal chat logs.

https://www.theverge.com/2022/9/7/23341045/former-conti-ransomware-gang-target-ukraine-google

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
4:05 pm, Feb. 6, 2025
Wetter-Symbol 7°C
L: 6° | H: 8°
broken clouds
Luftfeuchtigkeit: 73 %
Druck: 1040 mb
Wind: 11 mph ENE
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 75%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 7:30 am
Sonnenuntergang: 4:58 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 9:00 pm
Wetter-Symbol
6° | 8°°C 0 mm 0% 12 mph 81 % 1040 mb 0 mm/h
Tomorrow 9:00 pm
Wetter-Symbol
4° | 5°°C 1 mm 100% 13 mph 95 % 1036 mb 0 mm/h
Sa. Feb. 08 9:00 pm
Wetter-Symbol
4° | 6°°C 1 mm 100% 11 mph 96 % 1027 mb 0 mm/h
So. Feb. 09 9:00 pm
Wetter-Symbol
5° | 8°°C 0 mm 0% 10 mph 96 % 1039 mb 0 mm/h
Mo. Feb. 10 9:00 pm
Wetter-Symbol
3° | 4°°C 1 mm 100% 11 mph 96 % 1038 mb 0 mm/h
Today 6:00 pm
Wetter-Symbol
6° | 7°°C 0 mm 0% 11 mph 74 % 1040 mb 0 mm/h
Today 9:00 pm
Wetter-Symbol
4° | 5°°C 0 mm 0% 12 mph 81 % 1039 mb 0 mm/h
Tomorrow 12:00 am
Wetter-Symbol
4° | 4°°C 0 mm 0% 12 mph 79 % 1036 mb 0 mm/h
Tomorrow 3:00 am
Wetter-Symbol
4° | 4°°C 0 mm 0% 12 mph 78 % 1033 mb 0 mm/h
Tomorrow 6:00 am
Wetter-Symbol
4° | 4°°C 0 mm 0% 12 mph 72 % 1030 mb 0 mm/h
Tomorrow 9:00 am
Wetter-Symbol
5° | 5°°C 0 mm 0% 13 mph 69 % 1028 mb 0 mm/h
Tomorrow 12:00 pm
Wetter-Symbol
4° | 4°°C 0.2 mm 20% 13 mph 83 % 1025 mb 0 mm/h
Tomorrow 3:00 pm
Wetter-Symbol
4° | 4°°C 1 mm 100% 12 mph 88 % 1022 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€93,985.87
-0.44%
Ethereum(ETH)
€2,614.54
-1.90%
Fesseln(USDT)
€0.97
-0.01%
XRP(XRP)
€2.24
-7.33%
Solana(SOL)
€185.23
-4.87%
USDC(USDC)
€0.97
0.00%
Dogecoin(DOGE)
€0.241022
-4.96%
Shiba Inu(SHIB)
€0.000014
-6.54%
Pepe(PEPE)
€0.000009
-7.19%
Nach oben scrollen