New Delhi, August 25: Singapore-headquartered cybersecurity firm Group-IB has found that an Iranian group of newbie hackers recently targeted companies in India, Russia, Japan and China for financial gain.
The attacks were carried out in June using Dharma ransomware and a mix of publicly available tools, Group-IB said on Monday. All the affected organisations had hosts with Internet-facing RDP (Remote Desktop) and weak credentials. Cyber Security and What it Means for You.
The hackers typically demanded a ransom between 1-5 BTC (Bitcoin), the company said. The value of one Bitcoin is currently believed to be more than Rs 8,46,387. Researchers with Group-IB recently observed increased activities around Dharma ransomware distribution.
Dharma, also known as Crysis, has been distributed under a ransomware-as-a-service (RaaS) model at least since 2016. Its source code popped up for sale in March 2020 making it available to a wider audience, Group-IB said.
During an incident response engagement for a company in Russia, Group-IB's Digital Forensics and Incident Response (DFIR) team established that Persian-speaking newbie hackers were behind a new wave of Dharma distribution. Jammu and Kashmir: Miscreants Create Fake Facebook Accounts of IG Vijay Kumar; Cyber Police Register FIR.
Even though the exact number of victims is unknown, the discovered forensic artifacts allowed them to establish the geography of their campaigns and the toolset, which is far behind the level of sophistication of big league Iranian APTs (advanced persistent threats), the company said.
The attacks came at a time when the pandemic exposed a great number of vulnerable hosts with many employees working from homes.
(The above story first appeared on LatestLY on Aug 25, 2020 09:29 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).