DEV-0270 (aka Nemesis Kitten), an Iranian state-sponsored hacking group, has been uncovered abusing a Windows feature known as BitLocker.
Nemesis Kitten is one of the sub-groups of the Iranian threat actor known as PHOSPHORUS.
Microsoft's threat intelligence team reports that the group exploits newly disclosed security vulnerabilities as quickly as possible after they become public. Its attacks make heavy use of living-off-the-land binaries (LOLBINs).
BitLocker protects data by providing full-volume encryption on devices that run the following operating systems:-
DEV-0270 operators use Setup.bat commands to enable the BitLocker encryption feature.
This renders the affected hosts inoperable. For workstations, the group currently uses a disk encryption program called DiskCryptor.
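A defender-side check for the behaviour described above, written as an added example rather than code from the report or from Microsoft: it runs over constructed process-creation records (Sysmon Event ID 1 field names) and flags BitLocker being switched on from a batch script such as the setup.bat mentioned here. The page only says that batch commands enable BitLocker; the assumption that this happens through manage-bde.exe or the Enable-BitLocker cmdlet is mine.

```python
import os
import re

# Constructed sample records using Sysmon Event ID 1 field names. The values
# are made up for this example, not telemetry from any real DEV-0270 intrusion.
SAMPLE_EVENTS = [
    {"ParentCommandLine": r"cmd.exe /c C:\Users\Public\setup.bat",
     "Image": r"C:\Windows\System32\manage-bde.exe",
     "CommandLine": r"manage-bde -on C:"},
    {"ParentCommandLine": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\manage-bde.exe",
     "CommandLine": r"manage-bde -status C:"},
    {"ParentCommandLine": r"cmd.exe /c C:\Users\Public\setup.bat",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -NoP -C Enable-BitLocker -MountPoint D:"},
    {"ParentCommandLine": r"svchost.exe -k netsvcs",
     "Image": r"C:\Windows\System32\manage-bde.exe",
     "CommandLine": r"manage-bde -on D:"},
]

# Assumption: BitLocker is switched on either via manage-bde.exe "-on" or the
# Enable-BitLocker PowerShell cmdlet (standard Windows tooling, not from the page).
ENABLE_PATTERNS = {
    "manage-bde.exe": re.compile(r"(^|\s)-on(\s|$)", re.IGNORECASE),
    "powershell.exe": re.compile(r"\bEnable-BitLocker\b", re.IGNORECASE),
}
# Parent command line that references a batch script (the setup.bat pattern).
BATCH_PARENT = re.compile(r"\.(bat|cmd)(\s|\"|$)", re.IGNORECASE)


def classify(event):
    """Return a finding dict for a BitLocker-enabling process, else None."""
    image = os.path.basename(event["Image"].replace("\\", "/")).lower()
    pattern = ENABLE_PATTERNS.get(image)
    if pattern is None or not pattern.search(event["CommandLine"]):
        return None
    from_batch = bool(BATCH_PARENT.search(event["ParentCommandLine"]))
    return {
        "image": image,
        "severity": "high" if from_batch else "medium",
        "reason": ("BitLocker enabled by a batch script" if from_batch
                   else "BitLocker enabled outside the expected provisioning path"),
    }


def hunt(events):
    """Run classify over a list of events and keep only the findings."""
    return [f for f in (classify(e) for e in events) if f]


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

A medium finding still deserves review, since enabling BitLocker from anywhere other than the organisation's own provisioning path means the recovery key may not be escrowed where the organisation can reach it.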
For DEV-0270, the observed time to ransom (TTR), from the attacker's initial access to a victim's system to deployment of the ransom note, is approximately two days.
When an attack succeeds, the attacker demands a payment of $8,000 for the victims' decryption keys.
There is a strong possibility that DEV-0270 is moonlighting to generate revenue for a company or for personal gain. However, this has not been confirmed; it remains Microsoft's speculation, albeit a firm one.
The group is run by an Iranian company operating under two aliases, known by the following names:-
Najee Technology Hooshmand, which is based in Karaj, Iran, is also connected to these organizations. When it comes to targeting, the group is opportunistic.
The recommended mitigations are listed below:-