Google discovers 'Initial Access Broker' working with Russian cyber crime gang
By MYBRANDBOOK
Google's Threat Analysis Group (TAG) has exposed a new initial access broker, dubbed Exotic Lily, which it says is closely affiliated with the Russian cyber crime gang notorious for its Conti and Diavol ransomware operations.
Exotic Lily is said to have been involved in data exfiltration and deployment of the human-operated Conti and Diavol ransomware strains, both of which share overlaps with the Russian cybercriminal syndicate called Wizard Spider that's also known for operating TrickBot, BazarBackdoor, and Anchor.
In the Conti leaks, Conti members mention 'spammers' as people they work with through outsourcing (e.g., by providing them with custom-built 'crypted' malware samples). However, most of the 'spammers' do not appear to be present (or to communicate actively) in the chat, which leads to the conclusion that they operate as a separate entity.
Besides using fictitious companies and identities as a means to build trust with the targeted entities, Exotic Lily has leveraged legitimate file-sharing services like WeTransfer, TransferNow and OneDrive to deliver BazarBackdoor payloads in a bid to evade detection mechanisms.
The researchers said, “At the final stage, the attacker would upload the payload to a public file-sharing service (TransferNow, TransferXL, WeTransfer or OneDrive) and then use a built-in email notification feature to share the file with the target, allowing the final email to originate from the email address of a legitimate file-sharing service and not the attacker's email, which presents additional detection challenges.”
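The delivery trick described above defeats sender-reputation checks because the notification really does come from the file-sharing service. The triage below is an added example, not code from the article or from Google TAG: it parses constructed mail-gateway records, recognises notifications from file-sharing services, and separates genuine service-hosted links (which need the file fetched and detonated) from forged notifications whose link leaves the service. The record format, the sender domains and the link domains are all assumptions.

```python
"""
Added example, not code from the article or from Google TAG: triage of
mail-gateway records for notification e-mails that public file-sharing
services send on an uploader's behalf. The record format, the sender
domains and the link domains below are constructed assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Assumed mapping of notification sender domain -> (service name, domains
# that the service's own download links use). Illustrative values only;
# verify against genuine notification mail from each service before use.
SHARE_SERVICES = {
    "wetransfer.com": ("WeTransfer", ("wetransfer.com", "we.tl")),
    "transfernow.net": ("TransferNow", ("transfernow.net",)),
    "transferxl.com": ("TransferXL", ("transferxl.com",)),
    "onedrive.com": ("OneDrive", ("1drv.ms", "onedrive.live.com")),
}

# Constructed key=value gateway record; quoted values may contain spaces.
# 'from' is assumed to be the header From domain *after* SPF/DKIM/DMARC
# have passed, so a lookalike sender domain never reaches the table above.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class Finding:
    msg_id: str
    service: str
    link_host: str
    verdict: str  # "service-hosted-link", "off-service-link" or "no-link"


def parse_record(line: str) -> dict:
    """Turn one gateway record into a dict of field -> value."""
    # findall yields '' for the alternative that did not match
    return {k: (q or u) for k, q, u in FIELD_RE.findall(line)}


def host_in(host: str, domains) -> bool:
    """True when host equals one of domains or is a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(line: str) -> Optional[Finding]:
    """Classify one record; None when the sender is not a file-sharing service."""
    rec = parse_record(line)
    sender_domain = rec.get("from", "").rsplit("@", 1)[-1].lower()
    if sender_domain not in SHARE_SERVICES:
        return None
    service, link_domains = SHARE_SERVICES[sender_domain]
    link = rec.get("link")
    if not link:
        return Finding(rec.get("id", "?"), service, "", "no-link")
    host = urlparse(link).hostname or ""
    # A genuine notification points back to the service itself: sender
    # reputation is useless there, so the linked file must be fetched and
    # detonated. A link to any other host means the notification was forged.
    verdict = "service-hosted-link" if host_in(host, link_domains) else "off-service-link"
    return Finding(rec.get("id", "?"), service, host, verdict)


# Constructed sample records, not real gateway output.
SAMPLE_LOG = [
    'id=m1 from=noreply@wetransfer.com to=cfo@corp.example '
    'subject="Files sent via WeTransfer" link=https://wetransfer.com/downloads/abc123',
    'id=m2 from=no-reply@transfernow.net to=legal@corp.example '
    'subject="Transfer ready" link=https://download.transfernow.net/dl/xyz',
    'id=m3 from=noreply@wetransfer.com to=hr@corp.example '
    'subject="Files sent via WeTransfer" link=https://wetransfer-files.example/dl/1',
    'id=m4 from=bob@partner.example to=cfo@corp.example '
    'subject="Q3 proposal" link=https://partner.example/q3.pdf',
]


def triage_all(lines):
    """Findings for every record that came from a file-sharing service."""
    return [f for f in (triage(line) for line in lines) if f is not None]


if __name__ == "__main__":
    for f in triage_all(SAMPLE_LOG):
        print(f"{f.msg_id}: {f.service} {f.verdict} ({f.link_host})")
```

The useful output is the "service-hosted-link" bucket: those messages pass every sender check by design, so the follow-up has to be on the file itself (fetch via the link in a sandbox, inspect the archive and any ISO or LNK inside) rather than on the envelope.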
An analysis of Exotic Lily's communication activity indicates that the threat actors keep a "typical 9-to-5 job" on weekdays and may be working from a Central or Eastern European time zone.