A new backdoor, Domino, appeared at the beginning of 2023. Since February, a new malware family dubbed Domino has been used in attacks on corporations, with the Project Nemesis stealer as the final payload. Analysts say that the new backdoor is controlled and developed by ex-TrickBot/Conti actors and hackers related to the FIN7 group. Who are… Continue reading Domino Backdoor is Led by FIN7 and Conti Actors
Tag: Conti
TrickBot Hack Group Systematically Attacks Ukraine
IBM Security X-Force experts noticed that, since the very beginning of the full-scale Russian invasion, the TrickBot hack group “systematically attacks” Ukraine, something that had not been observed before. It is believed that from mid-April to June 2022, the hackers organized at least six such phishing campaigns. Let me remind you that the TrickBot hack…
Conti’s blockchain plans: an ominous prospect
Earlier this year, on February 22, the Conti gang drew wide attention when information was published on Twitter by an account called “Conti Leaks”. Thanks to the published information, the cyber security community was able to analyze the activities of the gang and its complicated cases. So we were able to learn that the group’s goal was to…
Conti vs. LockBit 2.0 – a Trend Micro Research in Brief
Trend Micro, a Japanese IT security company, has published a thorough comparison of the behavior of two major ransomware groups: Conti and LockBit 2.0. Here you can read a shorter summary of what they found. Conti and LockBit 2.0 stand out among operators for the number of targets they managed to attack. The period analyzed is from…
Conti Ransomware Shutdown, Site Disabled
Conti operators shut down the remnants of the public infrastructure. Two servers on the Tor network that were used to publish victims’ data and negotiate ransoms are down. The Conti News website’s admin panel and the stolen information storage were closed a month ago, and the list of non-payers has not been updated all this…
NCC Group’s May 2022 Threat Report Reflects Conti’s End
NCC Group’s monthly report on cyber threats features some curious news, namely the alleged closure of ransomware group Conti and the strengthening of the LockBit 2.0 gang. Conti, a notorious Russian ransomware gang responsible for the attack on Irish medical institutions last year, is believed to be disbanded after the internal correspondence of the gang…
War in Ukraine triggered a Stream of amateurish ransomware
Russia has provoked hackers around the world to focus their attacks on the servers of the largest companies, TV channels, banks, and government agencies. According to statistics from ESET, Russia has entered the list of the most attacked countries, which was not the case earlier. More and more amateur hackers appeared after February 24…
The Conti Ransomware Ceases Operations and Breaks Up into Several Groups
Experts report that the Conti ransomware is going out of business: the group is ceasing operations, its infrastructure is disabled, and the group’s leaders have said the brand no longer exists. One of the first to notice the change was Elisey Boguslavsky of Advanced Intel, who tweeted that the group’s internal infrastructure had been shut down.…
Cybersecurity Experts Analyzed the Methods of a Group of Russian Hackers Wizard Spider
Information security specialists from PRODAFT have published the results of an investigation into the Wizard Spider group, which is allegedly associated with the Grim Spider and Lunar Spider hacker groups. The Wizard Spider group, possibly of Russian origin, manages an infrastructure of “a complex set of sub-commands and groups, controls a huge number of hacked…
Vulnerabilities Allow Hijacking of Most Ransomware to Prevent File Encryption
Not long ago, a cybersecurity analyst posted a video on YouTube in which he shows a vulnerability in ransomware samples used by well-known ransomware groups. In the footage, the expert demonstrates the exploit on a REvil ransomware sample, but half a dozen ransomware products are vulnerable to it. The crooks’ weapon…