1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft links Holy Ghost ransomware operation to North Korean h

    From TechnologyDaily@1337:1/100 to All on Fri Jul 15 15:15:04 2022
    Microsoft links Holy Ghost ransomware operation to North Korean hackers

    Date:
    Fri, 15 Jul 2022 14:00:10 +0000

    Description:
    Hackers aren't not state-sponsored, but are linked to the government, often using the same infrastructure as Lazarus.

    FULL STORY ======================================================================

    Holy Ghost, a lesser-known ransomware operator, is most likely being managed by North Korean hackers, Microsoft has said.

    The companys Threat Intelligence Center (MSTIC) has been tracking the malware variant for more than a year now, and has found multiple evidence pointing to North Koreans being behind the operation.

    Although the group seems to be linked to the countrys government, it appears as if its not on payroll, but rather a financially motivated group that sometimes co-operates with the government. Typical MO

    MSTIC says the group has operated for quite some time now, but failed to become as big or as popular as other major players, such as BlackCat, REvil, or others.

    It has the same modus operandi: find a flaw in the targets systems (Microsoft spotted the group abusing CVE-2022-26352), move laterally across the network, mapping all of the endpoints, exfiltrate sensitive data, deploy ransomware (earlier, the group used SiennaPurple variant, later switched to an upgraded SiennaBlue version), and then demand a ransom payment in exchange for the decryption key and a promise that the data wont be leaked/sold on the black market.

    The group would usually target banks, schools, manufacturing organizations, and event management firms. Read more

    Lazarus hackers are using malicious cryptocurrency apps, FBI warns


    FBI says North Korean Lazarus group was behind huge crypto theft


    These are the best ID theft protection services today

    As for payment, the group would demand anywhere between 1.2 and 5 bitcoins, which is approximately $30,000 - $100,000, at todays prices. However, even though these demands are relatively small, compared to other ransomware operators, Holy Ghost was still willing to negotiate and reduce the price
    even further, sometimes getting just a third of what it initially asked for.

    Even though the things like attack frequency, or choice of target, made researchers think Holy Ghost is not a state-sponsored actor, there are some connections to the government. Microsoft found the group communicating with the Lazarus Group, which is a known state-sponsored actor. Whats more, both groups were operating from the same infrastructure set, and even using custom malware controllers with similar names. These are the best firewalls right
    now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-links-holy-ghost-ransomware-operation -to-north-korean-hackers/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)