• Latest
  • Trending
Ransomware Group Rebrands Multiple Times to Evade Detection

Ransomware Group Rebrands Multiple Times to Evade Detection

December 1, 2021
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Saturday, 30 September, 2023
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Ransomware Group Rebrands Multiple Times to Evade Detection

by ITECHNEWS
December 1, 2021
in Infosec
0 0
0
Ransomware Group Rebrands Multiple Times to Evade Detection

A mid-sized ransomware group known for targeting healthcare and education sector organizations has repeatedly rebranded over the past year to avoid scrutiny, according to Mandiant.

The “54BB47h” (Sabbath) group first appeared on the radar in September when it advertised for affiliate partners, the threat intelligence firm said.

YOU MAY ALSO LIKE

Data Leak Hits Thousands of NHS Workers

EU Cybersecurity Agency Warns Against Chinese APTs

Unusually for a ransomware group, it provides these affiliates with their own pre-configured Cobalt Strike Beacon backdoor payloads. While this posed a challenge for Mandiant’s attribution efforts, it also offered a starting point for its investigation.

“Mandiant Advanced Practices began proactively identifying similar Beacon infrastructure across past Mandiant Consulting engagements, Advanced Practices external adversary discovery programs, and commercially available malware repositories,” it explained.

“Through this analysis, Advanced Practices linked the new Sabbath group to ransom activity under previously used names including Arcane and Eruption.”

Further investigation revealed that the Sabbath public disclosure/extortion blog was virtually identical to one associated with Arcane, right down to the same grammatical errors. Affiliate Beacon samples and infrastructure also remained unchanged after the rebrand.

Sabbath, Arcane and Eruption were traced to threat group UNC2190, which “uses a multifaceted extortion model where ransomware deployment may be quite limited in scope, bulk data is stolen as leverage, and the threat actor actively attempts to destroy backups.”

The group has in the past even emailed staff, students and parents of a US school district it targeted in order to force a payment.

Interestingly, among the system languages the code checks for to avoid infecting victims from certain countries are not only former Soviet states but also Swedish, Thai, Turkish, Urdu, Indonesian, Vietnamese and Yiddish.

It seems to indicate the ransomware operators are going to extreme lengths to avoid unwanted police attention.

“UNC2190 has continued to operate over the past year while making only minor changes to their strategies and tooling, including the introduction of a commercial packer and the rebranding of their service offering,” Mandiant concluded.

“This highlights how well-known tools, such as Beacon, can lead to impactful and lucrative incidents even when leveraged by lesser-known groups.”

Phil Muncaster UK / EMEA News Reporter, Infosecurity Magazine

ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023

Recent News

  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Co-Creation Hub’s edtech accelerator puts $15M towards African startups February 20, 2023
  • Data Leak Hits Thousands of NHS Workers February 20, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version