Researchers discover new ransomware gang ‘Muliaka’ attacking Russian businesses
2024-4-9 22:16:12 Author: therecord.media(查看原文) 阅读量:2 收藏

A previously unknown ransomware gang has been attacking Russian businesses with malware based on the leaked source code from the Conti hacking group.

The gang, which researchers at the Moscow-based cybersecurity company F.A.C.C.T. have dubbed “Muliaka," or Muddy Water in English, has left minimal traces from its attacks but has likely been active since at least December 2023.

In a January incident described in a F.A.C.C.T. report, the hackers attacked an unnamed Russian business by encrypting its Windows systems and VMware ESXi virtual infrastructure.

To remotely access the victim’s IT infrastructure, the attackers used the company’s virtual private network (VPN) service. To infect the targeted network with ransomware, the attackers disguised it as popular corporate antivirus software installed on the company's computers.

Unlike the original Conti malware, the one developed by Muliaka — whose name comes from a phishing email sent by the group — terminates processes on the victim’s computer and stops certain system services before starting the file encryption, according to the analysis. Researchers said that Muliaka’s variant was “one of the most interesting upgrades among other malicious tools created after the Conti leak.”

The researchers couldn’t identify the origins of the group, nor did they specify the size of the ransom demanded or whether the targeted company paid it.

F.A.C.C.T. said that many financially motivated hacker groups are taking advantage of the current geopolitical situation in Russia to ramp up their attacks: “Impunity and a large number of potential victims who are careless about the cybersecurity of their business attract lovers of easy money.”

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

Daryna Antoniuk

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.


文章来源: https://therecord.media/muliaka-ransomware-group-targeting-russian-businesses-conti
如有侵权请联系:admin#unsafe.sh