2 min read

Former Conti Ransomware Gang Members Target Ukraine, Google Says

Vlad CONSTANTINESCU

September 09, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Former Conti Ransomware Gang Members Target Ukraine, Google Says

Google Threat Analysis Group (TAG) researchers identified former Conti ransomware group members targeting Ukrainian and European non-governmental organizations (NGOs) as part of a different threat group.

Experts track the group as UAC-0098, an infamous threat actor notorious for facilitating access to compromised enterprise networks to ransomware groups through the IcedID banking trojan.TAG started to track the group in April after detecting a Conti-specificAnchorMail backdoor in an email phishing campaign.

“TAG started actively tracking UAC-0098 after identifying an email phishing campaign delivering AnchorMail (referred to as ’LackeyBuilder‘) in late April 2022,” according to the company’s security advisory. “AnchorMail is a version of the Anchor backdoor that uses the simple mail transfer protocol (SMTPS) for command and control (C2) communication. The tool, assessed to be developed by the Conti group, previously was installed as a TrickBot module.”

Researchers believe that financial and political incentives fueled the malicious operation. At the same time, they deemed it experimental for building AnchorMail “on the fly” using a combination of LackeyBuilder and batch scripts instead of deploying it directly.

While the threat actor frequently changed tactics, techniques and procedures (TTP), it remained faithful to its objective of hitting Ukrainian targets, mainly organizations in the hospitality industry. Early group activity saw the perpetrators pose as StarLink, Elon Musk, and National Cyber Police of Ukraine representatives in attacks against Ukrainian hotels.

Eventually, UAC-0098 broadened its spectrum and started deploying IcedID and Cobalt Strike malicious payloads against Ukrainian organizations, individuals and government entities, and European NGOs.

“Based on multiple indicators, TAG assesses some members of UAC-0098 are former members of the Conti cybercrime group repurposing their techniques to target Ukraine,” reads TAG’s announcement.


Dedicated software solutions such as Bitdefender Ultimate Security can offer you advanced protection against cyberthreats, with features like:

  • Real-time protection against worms, viruses, ransomware, zero-days, Trojans, spyware, rootkits and other e-threats
  • Multi-layer ransomware protection that keeps your data safe from ransomware attacks
  • Web filtering module that warns you of harmful websites and blocks known infected links
  • Anti-phishing utility that detects and blocks malicious websites that mimic legitimate ones to steal your credentials, financial data, or personal information
  • Real-time active app monitor that prevents infections as soon as it detects suspicious activity

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

SIM Swapper Involved in $22 Million Crypto Heist Sentenced to 18 Months in Prison SIM Swapper Involved in $22 Million Crypto Heist Sentenced to 18 Months in Prison
Vlad CONSTANTINESCU

December 05, 2022

1 min read
Hive Social Taken Offline as ‘Critical Vulnerabilities’ Could Expose Private Messages, Other Data Hive Social Taken Offline as ‘Critical Vulnerabilities’ Could Expose Private Messages, Other Data
Filip TRUȚĂ

December 05, 2022

1 min read
Malicious Actors Exploit TikTok ‘Invisible Challenge’ to Steal Users’ Info Malicious Actors Exploit TikTok ‘Invisible Challenge’ to Steal Users’ Info
Alina BÎZGĂ

December 02, 2022

2 min read