Security News > 2024 > July > Microsoft links Scattered Spider hackers to Qilin ransomware attacks
Microsoft says the Scattered Spider cybercrime gang has added Qilin ransomware to its arsenal and is now using it in attacks.
"In the second quarter of 2024, financially motivated threat actor Octo Tempest, our most closely tracked ransomware threat actor, added RansomHub and Qilin to its ransomware payloads in campaigns," Microsoft said Monday.
The Qilin ransomware operation that Scattered Spider just joined surfaced in August 2022 under the "Agenda" name but was rebranded as Qilin just one month later.
After obtaining admin credentials and collecting all sensitive data, they deploy the ransomware payloads to encrypt all network devices and leverage the stolen data to carry out double-extortion attacks.
Last month, the CEO of the UK's National Cyber Security Centre linked Qilin to a ransomware attack that hit pathology services provider Synnovis in early June and impacted several major NHS hospitals in London, forcing them to cancel hundreds of operations and appointments.
Qilin ransomware gang linked to attack on London hospitals.
News URL
Related news
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom (source)
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks (source)
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More (source)
- BlackLock ransomware claims nearly 50 attacks in two months (source)
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks (source)