Security News > 2022 > May > Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks
A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia.
Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion.
The threat actor is said to have conducted two different sets of intrusions, one of which relates to opportunistic ransomware attacks involving the use of legitimate tools like BitLocker and DiskCryptor for financial gain.
The second set of attacks are more targeted, carried out with the primary goal of securing access and gathering intelligence, while also deploying ransomware in select cases.
Initial access routes are facilitated by scanning internet-facing servers vulnerable to highly publicized flaws in Fortinet appliances and Microsoft Exchange Servers to drop web shells and using them as a conduit to move laterally and activate the ransomware.
"The January and March incidents typify the different styles of attacks conducted by Cobalt Mirage," the researchers concluded.
News URL
https://thehackernews.com/2022/05/iranian-hackers-leveraging-bitlocker.html
Related news
- Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore (source)
- Iranian pleads guilty to RobbinHood ransomware attacks, faces 30 years (source)
- Kidney dialysis firm DaVita hit by weekend ransomware attack (source)
- Ahold Delhaize confirms data theft after INC ransomware claims attack (source)
- Interlock ransomware gang pushes fake IT tools in ClickFix attacks (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Hackers abuse Zoom remote control feature for crypto-theft attacks (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Interlock ransomware claims DaVita attack, leaks stolen data (source)
- Lazarus hackers breach six companies in watering hole attacks (source)