Google discovers 'Initial Access Broker' working with Russian cyber crime gang
By MYBRANDBOOK
Google's Threat Analysis Group (TAG) has exposed a new initial access broker dubbed Exotic Lily, which it says is closely affiliated with a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations.
Exotic Lily is said to have been involved in data exfiltration and deployment of the human-operated Conti and Diavol ransomware strains, both of which share overlaps with the Russian cybercriminal syndicate called Wizard Spider that's also known for operating TrickBot, BazarBackdoor, and Anchor.
In the Conti leaks, Conti members mention 'spammers' as a party they work with through outsourcing (e.g., the spammers are supplied with custom-built 'crypted' malware samples). However, most of the 'spammers' do not appear to be present in, or actively communicating in, the chat, which leads to the conclusion that they operate as a separate entity.
Besides using fictitious companies and identities as a means to build trust with the targeted entities, Exotic Lily has leveraged legitimate file-sharing services like WeTransfer, TransferNow and OneDrive to deliver BazarBackdoor payloads in a bid to evade detection mechanisms.
The researchers said, “At the final stage, the attacker would upload the payload to a public file-sharing service (TransferNow, TransferXL, WeTransfer or OneDrive) and then use a built-in email notification feature to share the file with the target, allowing the final email to originate from the email address of a legitimate file-sharing service and not the attacker's email, which presents additional detection challenges.”
An analysis of Exotic Lily's communication activity indicates that the threat actors keep a "typical 9-to-5 job" on weekdays and may be working from a Central or Eastern European time zone.
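The delivery method quoted above leaves a defender with little to key on in the sender address, since the notification really does come from the file-sharing service; what remains is the identity of the party who shared the file. The following triage routine is an added example, not code from the TAG report or from Google: it parses one notification email, and flags it when the sender is one of the named file-sharing services but the sharer (taken from the Reply-To header) is not an allow-listed business partner. The notifier sender domains and the sample message are constructed for illustration and must be verified against real notifications in your own mail flow.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed sender domains for the services named in the report (constructed;
# confirm the real notification addresses in your own environment).
NOTIFIER_DOMAINS = {"wetransfer.com", "transfernow.net",
                    "transferxl.com", "onedrive.com"}


def _domain(header_value):
    """Lower-cased domain part of an address header, '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def triage_share_notification(raw_message, trusted_sharer_domains=frozenset()):
    """Return (flagged, reasons) for one RFC 822 message.

    Flags a notification generated by a public file-sharing service on
    behalf of a sharer whose domain is not on the partner allow-list.
    The From header identifies the service; the sharer's own address,
    when the service exposes it, is carried in Reply-To.
    """
    msg = message_from_string(raw_message)
    service_domain = _domain(msg.get("From"))
    if service_domain not in NOTIFIER_DOMAINS:
        return False, ["not a file-sharing notification"]
    reasons = [f"notification sent by {service_domain}"]
    sharer_domain = _domain(msg.get("Reply-To"))
    if not sharer_domain:
        reasons.append("sharer identity not exposed in Reply-To")
    elif sharer_domain in trusted_sharer_domains:
        return False, reasons + [f"sharer {sharer_domain} is allow-listed"]
    else:
        reasons.append(f"sharer {sharer_domain} is not allow-listed")
    return True, reasons


# Constructed sample notification; all domains are reserved example names.
SAMPLE_NOTIFICATION = """\
From: WeTransfer <noreply@wetransfer.com>
Reply-To: jane.doe@example-consulting.invalid
To: finance@victim.example
Subject: jane.doe@example-consulting.invalid sent you files via WeTransfer

1 file, 2.1 MB. Download: https://wetransfer.com/downloads/placeholder
"""

if __name__ == "__main__":
    print(triage_share_notification(SAMPLE_NOTIFICATION))
```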