Monday, November 25, 2024
HomeComputer SecurityNetwork Intruders Teamup With Ransomware Developers to Hack Corporate Networks

Network Intruders Teamup With Ransomware Developers to Hack Corporate Networks

Published on

Cyberattacks rapidly growing every day, it emerges as one of the biggest challenges for businesses. Network intruders and ransomware developer groups develop an alliance with each other to maximize the revenue with the ransomware market.

They partnership together to attack the most secure and lucrative targets. AdvIntel report shows how the underground community developing multidimensional structures of criminal alliances.

Access to Corporate Network Data

Ransomware groups tend to follow several strategic methods to infect a larger number of attackers, they attack high-profile targets such as corporations or government entities to yield thousands of dollars.

- Advertisement - SIEM as a Service

To perform the operations ransomware groups collaborate with several third-parties such as network breach experts and malware developers who develop their malware strain.

“The Russian-speaking underground is a home for many skilled network breach experts who orchestrate complex intrusion operations and obtain high-profile accesses,” reads AdvIntel report.

For network breach experts monetization is a significant challenge, the ransomware groups offer a solution for monetization.

Researchers observed that a hacker dubbed “-TMT-” joined the underground community to monetize their corporate network compromises. The group advertised that they have stolen credentials of various corporate networks and the price varies from $3,000 to $5,000.

Corporate Network
Network Intruders and Ransomware Syndicates Join Efforts Credits: AdvIntel

Through private chats, they provide “several accesses to compromised entities, as well as stolen credentials for administrative accounts on the victim’s websites,” reads the blog post.

Their targets are not any specific jurisdiction or industry vector. Following are the victims of “-TMT-“.

  • A Latin American house products provider operating in Chile, Bolivia, and Peru – 1069 hosts, 105 servers compromised
  • A Taiwanese meta manufacturer – 388 hosts,15 servers compromised
  • A Colombian financial services provider – 623 hosts compromised
  • An international maritime logistics services provider – 668 hosts compromised
  • A network of US universities and educational institutions – 875 hosts, 87 servers compromised
  • A Danish dairy producer – 1 host, 72 servers compromised
  • A Bolivian energy sector company – 270 hosts, 12 servers compromised

-TMT- hacker also provided evidence for the breaches, this was reported to US law enforcement by AdvIntel. The hacker also claimed that they have exfiltrated the login credential and navigated the network to escalate privileges.

The hacker primarily focuses on the corporate networks and they use compromised RDP and malware for initial stages of the attack.

-TMT- with REvil Ransomware

In private communication -TMT- proposes that “open a single session and upload ransomware and other payloads or to provide continuous access to the network.”

“According to AdvIntel sensitive source intelligence, since August 2019, -TMT- among other ransomware collectives has been working with the REvil developers supporting their crypto locker uploads.”

The connection may originate as both the threat actors shares their specialization and both the threat actors simultaneously left the Exploit forum.

The partnership between network intruders, Metasploit/Cobalt Strike specialists and ransomware developers rely on a solid foundation to launch high-profile attacks.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Read More

ATM Jackpotting – Cutlet Maker Malware Spike Around the World to Spit the Cash From ATM

Hackers Embedded the Malicious Code Within WAV Audio Files to Gain Reverse Shell Access

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ...

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to...

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ...

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to...