Conti Leaks Reveal Ransomware Gang's Interest in Firmware-based Attacks
An analysis of leaked chats from the notorious Conti ransomware group earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices.
"Control over firmware gives attackers virtually unmatched powers both to directly cause damage and to enable other long-term strategic goals," firmware and hardware security firm Eclypsium said in a report shared with The Hacker News.
The conversations among the Conti members, which leaked after the group pledged its support to Russia in the latter's invasion of Ukraine, have shed light on the syndicate's attempts to mine for vulnerabilities related to ME firmware and BIOS write protection.
Control over the firmware could also be exploited to gain long-term persistence, evade security solutions, and cause irreparable system damage, enabling the threat actor to mount destructive attacks as witnessed during the Russo-Ukrainian war.
"The Conti leaks exposed a strategic shift that moves firmware attacks even further away from the prying eyes of traditional security tools," the researchers said.
"The shift to ME firmware gives attackers a far larger pool of potential victims to attack, and a new avenue to reaching the most privileged code and execution modes available on modern systems."
News URL
https://thehackernews.com/2022/06/conti-leaks-reveal-ransomware-gangs.html