Google announces that former Conti ransomware members attacked Ukrainian organizations
Experts from Google's Threat Analysis Group (TAG) have said that some former members of the Conti ransomware group, who have now joined the UAC-0098 group, are targeting Ukrainian organizations and companies as well as European non-governmental companies and organizations.
UAC-0098 is an initial access broker: it uses the IcedID banking trojan to give ransomware access to the network of a target company.
The Threat Analysis Group has been closely monitoring UAC-0098's activities since April 2022, probably as a result of discovering a phishing campaign that pushed the Conti-linked AnchorMail backdoor. For readers wondering what the Threat Analysis Group is: TAG is a dedicated team of security experts that protects Google users from all types of state-sponsored attacks.
All of the attacks attributed to this group were seen from mid-April to mid-June of this year. After that, the attackers changed their strategy, perhaps because their lures had not worked. Describing the attacks, the experts said the attackers were clever in disguising their identity: they posed as representatives of Elon Musk and Starlink, and sometimes as Ukraine's National Cyber Police.
After the attacks on European NGOs and Ukrainian organizations, a campaign was launched in which UAC-0098 distributed IcedID and Cobalt Strike payloads. Attackers continually look for new ways to attack and create different kinds of malware to do so, while researchers work hard to thwart them and publish the necessary guidelines. To stay safe from such attacks, we should follow those guidelines.