OldGremlin Definitely Did That! | Cyware Alerts


A new Russian-speaking ransomware gang has planned campaigns against critical infrastructure in Russia.

The scoop

OldGremlin, in a recent series of campaigns, defied the unspoken rule against attacks on home soil. The threat actor has been targeting Russian companies, including financial institutions, medical firms, and industrial enterprises, with ransomware attacks. It relies on custom backdoors known as TinyNode and TinyPosh to gain access to the target organization.

Why this matters

OldGremlin has been continuously switching up its spear-phishing lures to impersonate several organizations, ranging from a Russian dental clinic to the Russian microfinance firm Edinstvo. The cybercriminal gang has also mimicked the media group RBC in various campaigns.

Attack vector

  • OldGremlin came to the spotlight after its attack against a medical company. The intrusion lasted only 20 seconds before Windows Defender removed the malware. However, in those 20 seconds, the trojan achieved persistence on the system.
  • A few weeks later, the group deleted all of the organization’s backups and demanded $50,000 in cryptocurrency.
  • The well-designed spear-phishing emails use current news as a lure.

The bottom line

OldGremlin began its activities between late March and early April. It mainly took advantage of COVID-19 lures. The group has been spotted conducting multi-stage targeted attacks on Russian organizations using sophisticated TTPs usually seen among APT groups.
