Phosphorus Hacker Group Running Ransomware Campaign, Microsoft Warns

Vlad CONSTANTINESCU

September 08, 2022

Iranian cybercrime group Phosphorus is leading a ransomware campaign for personal gain, Microsoft’s threat intelligence center (MSTIC) researchers disclosed yesterday.

Security experts believe a subgroup, dubbed Nemesis Kitten and tracked as DEV-0270, leads several malicious operations, including extensive vulnerability scanning, on behalf of the Iranian government.

They also suspect that, due to the nature of the attacks, most of which “lacked a strategic value for the regime,” the newly observed campaign may not be coordinated by the government and instead is run for the personal gain of the gang members.

The threat actors attempted to gain initial access by exploiting known vulnerabilities in Exchange servers, Fortinet products, and Log4j 2. After breaching a targeted device or network, the attackers would perform environment discovery and credential theft, establish persistence, escalate privileges, and use evasion techniques to avoid detection.

“The threat group commonly uses native WMI, net, CMD, and PowerShell commands and registry configurations to maintain stealth and operational security,” according to MSTIC’s security advisory. “They also install and masquerade their custom binaries as legitimate processes to hide their presence. Some of the legitimate processes they masquerade their tools as include: dllhost.exe, task_update.exe, user.exe, and CacheTask.”

Security experts noticed that DEV-0270 attacks often enable BitLocker encryption through setup.bat commands, rendering the host device unusable. The hacker group deploys DiskCryptor, an open-source encryption tool, on compromised Windows devices through RDP. Upon launch, the tool starts to encrypt the device’s entire disk drive and locks the victim out of the workstation.
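The two behaviours MSTIC describes above (custom tools masquerading as legitimate Windows process names, and BitLocker being switched on from setup.bat) can be expressed as simple process-creation detection rules. The following is an added Python example, not code from Microsoft or Bitdefender; the record format, the sample events, and the use of manage-bde as the command-line tool that turns BitLocker on are assumptions made for the example.

```python
import ntpath

# Binary names MSTIC says DEV-0270 masquerades its tools as (quoted in the advisory above).
# "CacheTask" is given without an extension, so both spellings are matched (assumption).
MASQUERADED_NAMES = {"dllhost.exe", "task_update.exe", "user.exe", "cachetask", "cachetask.exe"}
# Only dllhost.exe is a genuine Windows binary; these are its legitimate directories (assumption).
LEGIT_DIRS = {"dllhost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"}}

def parse_event(line):
    """Parse a constructed 'Key=Value|Key=Value' process-creation record (not a real EDR/Sysmon format)."""
    return dict(field.split("=", 1) for field in line.strip().split("|"))

def suspicious(event):
    """Return a reason string when an event matches one of the two DEV-0270 patterns, else None."""
    image = event.get("Image", "").lower()
    name = ntpath.basename(image)
    directory = ntpath.dirname(image)
    cmd = event.get("CommandLine", "").lower()
    parent_cmd = event.get("ParentCommandLine", "").lower()
    # Rule 1: a known masqueraded name executing outside the directory the genuine binary lives in.
    if name in MASQUERADED_NAMES and directory not in LEGIT_DIRS.get(name, set()):
        return f"masqueraded binary {name} running from {directory}"
    # Rule 2: BitLocker turned on via manage-bde (assumed tool) with a .bat file as the parent,
    # matching the "setup.bat enables BitLocker" behaviour described above.
    if name == "manage-bde.exe" and " -on " in f" {cmd} " and ".bat" in parent_cmd:
        return "BitLocker enabled from a batch script"
    return None

def scan(lines):
    """Return (record_number, reason) for every record that trips a rule."""
    hits = []
    for number, line in enumerate(lines, start=1):
        reason = suspicious(parse_event(line))
        if reason:
            hits.append((number, reason))
    return hits

# Constructed sample records: one benign dllhost, one masqueraded dllhost, one scripted BitLocker enable.
SAMPLE_EVENTS = [
    r"Image=C:\Windows\System32\dllhost.exe|ParentImage=C:\Windows\System32\svchost.exe"
    r"|CommandLine=dllhost.exe /Processid:{CONSTRUCTED-GUID}|ParentCommandLine=svchost.exe -k DcomLaunch",
    r"Image=C:\ProgramData\dllhost.exe|ParentImage=C:\Windows\System32\cmd.exe"
    r"|CommandLine=dllhost.exe|ParentCommandLine=cmd.exe /c C:\ProgramData\setup.bat",
    r"Image=C:\Windows\System32\manage-bde.exe|ParentImage=C:\Windows\System32\cmd.exe"
    r"|CommandLine=manage-bde -on C:|ParentCommandLine=cmd.exe /c C:\ProgramData\setup.bat",
]

if __name__ == "__main__":
    for number, reason in scan(SAMPLE_EVENTS):
        print(f"event {number}: {reason}")
```

On the constructed records only events 2 and 3 are flagged; the genuine dllhost.exe launched from System32 by svchost.exe passes.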

In the security advisory, MSTIC included a series of mitigation tips to deter DEV-0270-specific techniques:

  • Prioritize patching internet-facing Exchange servers
  • Apply security updates and fixes as soon as they become available
  • Use a firewall to prevent RPC and SMB communications
  • Enforce strong administrator password policies
  • Ensure your antivirus software is up to date
  • Back up data to prevent damage from destructive attacks

Specialized software such as Bitdefender Ultimate Security can keep you safe against online threats, with features like:

  • All-round real-time data protection that works against worms, Trojans, zero-days, ransomware, viruses, spyware, rootkits and other e-threats
  • Multi-layer ransomware protection that keeps your files safe from various ransomware attacks
  • Advanced threat defense that closely monitors active apps and acts instantly upon detecting suspicious activity
  • Rescue environment module that removes sophisticated malicious components before Windows starts
