1. Forum
  2. tqwNet
  3. TQW GENTECH

  • North Korean hackers linked to Play ransomware attacks

    From TechnologyDaily@1337:1/100 to All on Thursday, October 31, 2024 16:45:05
    North Korean hackers linked to Play ransomware attacks

    Date:
    Thu, 31 Oct 2024 16:42:00 +0000

    Description:
    Jumpy Pisces is moving away from espionage and into ransomware, offering IAB services to peers.

    FULL STORY ======================================================================

    Jumpy Pisces, a North Korean state-sponsored threat actor also known as Onyx Sleet, or Andariel, has recently shifted its focus to ransomware attacks, experts have warned.

    In a recent technical analysis, researchers from Unit 42 said although Jumpy Pisces had previously focused on cyber-espionage and financial crimes, it has in recent times teamed up with the infamous Play Ransomware group (also known as Fiddling Scorpius).

    Play emerged in the summer of 2022, and has since then grown into a
    formidable threat actor - so much so that in December 2023, the FBI warned about this group, claiming it compromised roughly 300 victims in its first year and a half of its existence. Initial access brokers

    "Since June 2022, the Play (also known as Playcrypt) ransomware group has impacted a wide range of businesses and critical infrastructure in North America, South America, and Europe," the agency said at the time. "As of October 2023, the FBI was aware of approximately 300 affected entities allegedly exploited by the ransomware actors."

    The role Jumpy Pisces plays in this partnership is not definitively determined, but its most likely that it acts as an initial access broker (IAB), opening Play operators doors to different victims.

    Unit 42 believes this change is significant because it shows that Jumpy
    Pisces is getting more involved in ransomware activities, and are using existing ransomware infrastructure instead of building its own. That makes
    the attacks more sophisticated, and possibly - more widespread.

    However, BleepingComputer added that in an average ransomware attack, there are multiple parties involved. Most ransomware variants these days operate on an as-a-service model, meaning that the developers are not the ones infecting victims, and that the two end up splitting eventual profits. Add IAB to the mix, and now there are at least three separate threat actors engaged in a single attack.

    In any case, companies should be extra vigilant, the researchers conclude, warning that this new teamup might lead to serious ransomware infections.
    More from TechRadar Pro This dangerous new Linux malware is going after
    VMware systems with multiple extortion attempts Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/north-korean-hackers-linked-to-play-ran somware-attacks


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)