Russian Hackers Target Russian Companies With Ransomware
2020-09-24 13:13

A hacking group whose members are Russian speakers is targeting organizations in Russia and post-Soviet countries with ransomware, Group-IB's security researchers have discovered.

The adversary uses phishing as a means to compromise enterprise networks, and has been observed impersonating the self-regulatory organization Mikrofinansirovaniye i Razvitiye; the Minsk Tractor Works plant in Belarus; a Russian metallurgical holding company; the Russian media group RBC; and a dental clinic, Group-IB explains.

In May, OldGremlin used a fake email, purportedly from a Russian RBC journalist, that offered a bank employee an interview.

Roughly 250 malicious emails were sent to Russian companies in the financial and industrial sectors.

"OldGremlin is the only Russian-speaking ransomware operator that violates the unspoken rule about not working within Russia and post-Soviet countries. They carry out multistage targeted attacks on Russian companies and banks using sophisticated tactics and techniques similar to those employed by APT groups," Oleg Skulkin, senior digital forensics analyst at Group-IB, commented.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/-R7ixSWyBiw/russian-hackers-target-russian-companies-ransomware