Extortionist hacker group makes 2 attacks on Russian companies
Moscow, April 15 (UNI/Sputnik) A hacker group called OldGremlin carried out two attacks on Russian companies, with one of them exploiting the departure of the Visa and Mastercard payment systems from the country, Russian cybersecurity company Group-IB said.
On March 6, both Visa and Mastercard announced they were suspending operations in Russia in protest of its military operation in Ukraine, and that their cards issued by Russian banks would no longer work outside the country.
“Group-IB detected two new #OldGremlin ransomware attacks on Russian companies on March 22 and 25. In the first mailing, the extortionists play up the topic of sanctions and the ‘complete withdrawal’ of Visa and Mastercard payment systems,” the company tweeted.
The company said that, in order to obtain a new bank card, the client was asked to study the instructions and fill out a questionnaire. In fact, the letters contained links to a malicious document.
According to Group-IB, the second attack, which was carried out on March 25, was detected after the analysis of OldGremlin’s network infrastructure.
“Group-IB experts suggest that the new mailings may have infected a large number of companies, and in the coming months hackers will slowly and carefully move into their infrastructure, bypassing ‘default’ protections without undue haste,” the company added.
Ransomware activity from OldGremlin was first detected by Group-IB analysts in the spring of 2020. In just two years, according to Group-IB data, the hackers conducted 13 campaigns of malicious emails, which were always drafted “with great care” to match the current news agenda.