Security News > 2022 > March > Google exposes tactics of a Conti ransomware access broker

Google exposes tactics of a Conti ransomware access broker
2022-03-17 20:30

Google's Threat Analysis Group has exposed the operations of a threat actor group dubbed "EXOTIC LILY," an initial access broker linked to the Conti and Diavol ransomware operations.

It was determined that "EXOTIC LILY" is an initial access broker that uses large-scale phishing campaigns to breach targeted corporate networks and then sells access to those networks to ransomware gangs.

While the activities of EXOTIC LILY overlap with Conti's own operations, Google's threat analysts believe it's a distinct threat actor focusing entirely on the establishment of initial network access.

"While the nature of those relationships remains unclear, EXOTIC LILY seems to operate as a separate entity, focusing on acquiring initial access through email campaigns, with follow-up activities that include deployment of Conti and Diavol ransomware, which are performed by a different set of actors," details Google's report.

Recently, researchers discovered that the Conti ransomware operation had taken control over the development of TrickBot's malware families, which is supported by conversations between Conti managers exposed in the Conti leaks.

It wouldn't be surprising if Conti had its own internal teams that focused on high-level spear phishing and initial network access that deployed these infections.


News URL

https://www.bleepingcomputer.com/news/security/google-exposes-tactics-of-a-conti-ransomware-access-broker/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 253 4216 4506 727 9702