Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks
2022-09-07 14:42

Former members of the Conti cybercrime cartel have been implicated in five different campaigns targeting Ukraine from April to August 2022.

One of the prominent campaigns undertaken by the group in June 2022 entailed the abuse of the Follina vulnerability in the Windows operating system to deploy CrescentImp and Cobalt Strike Beacons onto targeted hosts in media and critical infrastructure entities.

This appears to be part of a series of attacks that began in late April 2022, when the group conducted an email phishing campaign to deliver AnchorMail, a variant of the TrickBot group's AnchorDNS implant that uses SMTP for command-and-control.

UAC-0098 is far from the only Conti-affiliated hacking group to set its sights on Ukraine since the onset of the war.

"UAC-0098 activities are representative examples of blurring lines between financially motivated and government-backed groups in Eastern Europe, illustrating a trend of threat actors changing their targeting to align with regional geopolitical interests," Bureau said.

"The group demonstrates strong interest in breaching businesses operating in the hospitality industry of Ukraine, going as far as launching multiple distinct campaigns against the same hotel chains."


News URL

https://thehackernews.com/2022/09/some-members-of-conti-group-targeting.html