#report #ransomware #OldGremlin
Don't ever feed gremlins after midnight.
Group-IB released the first threat report detailing the operations of the Russian-speaking ransomware group OldGremlin: "OldGremlin Ransomware: Never ever feed them after the Locknight". In just two and a half years, the "Gremlins" carried out 16 malicious campaigns.
OldGremlin remains one of the very few ransomware gangs targeting Russian companies. However, their growing ambitions could push them to explore new geographies in the future.
For the second year in a row, OldGremlin demanded the highest ransom from Russian organizations: in 2021 their largest ransom demand amounted to $4.2 million, while in 2022 it soared to $16.9 million.
The group's victim list includes banks, logistics and manufacturing companies, insurance firms, retailers, real estate developers, and software companies. In 2020, the group even targeted a Russian arms manufacturer.
Group-IB wants to help security professionals better track OldGremlin and eliminate the risk of incidents involving the gang. Download our report to get detailed information about the current tactics, techniques, and procedures (TTPs) used by the attackers, described using MITRE ATT&CK®.
#MajikPOS #blog
Point-of-sale (POS) malware is a type of malicious software designed to infect POS terminals for the purpose of stealing payment data stored on magnetic stripes on the back of bank cards. On April 19, 2022, the Group-IB Threat Intelligence identified a Command and Control (C2) server of the POS malware called MajikPOS.
Our experts analyzed the server and established that it also hosts the C2 administrative panel of another POS malware, Treasure Hunter, which is likewise used to collect compromised credit card data. After analyzing the malicious infrastructure, Group-IB researchers retrieved information about the infected devices and the credit cards compromised in this campaign. Since at least February 2021, the operators have stolen more than 167,000 payment records (as of September 8, 2022), mainly from the US. According to Group-IB's estimates, the operators could make as much as $3,340,000 if they simply decide to sell the compromised card dumps on underground forums.
Read our latest blog post to learn more about the analysis of the MajikPOS and Treasure Hunter samples.
#cybersecuritytips #breaches
The consequences of data breaches might be devastating for companies. This #CybersecurityAwarenessMonth we want to share with you some recommendations on how to prevent data leakages. Check them out!
#report #OPERA1ER
OPERA1ER knocking on your door. The prolific French-speaking threat actor codenamed OPERA1ER (aka Common Raven and DESKTOP-group) carried out more than 30 successful attacks against banks, financial services, and telecommunication companies, mainly located in Africa, between 2018 and 2022. Many of the identified victims were successfully hit twice, and their infrastructure was then used to attack other organizations.
In collaboration with researchers from the Orange CERT Coordination Center, Group-IB is releasing a new report, "OPERA1ER. Playing God without permission".
OPERA1ER traces its roots back to 2016. Between 2018 and 2022, the gang managed to steal at least $11 million, and the actual amount of damage could be as high as $30 million.
OPERA1ER has been seen targeting companies in 15 countries: Ivory Coast, Mali, Burkina Faso, Benin, Cameroon, Bangladesh, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo, and Argentina. Africa clearly remains their priority.
One of OPERA1ER's attacks involved a vast network of 400 mule accounts for fraudulent money withdrawals.
Download Group-IB's new report "OPERA1ER. Playing God without permission" to get detailed information about the tactics, techniques, and procedures (TTPs), tools and kill chain of this gang.
#blog #OPERA1ER
Threat actors are constantly developing new TTPs, and in August 2022, with the help of Przemyslaw Skowron, Group-IB identified new servers used by OPERA1ER. The latest IOCs and OPERA1ER's targets can be found in this blog post.