Connect with us
Hello ransomware operators used Chinese APT grouping methods Hello ransomware operators used Chinese APT grouping methods

Security

Hello ransomware operators used Chinese APT grouping methods

Published

on

The attackers allegedly intended to mislead the investigation.

A team of cybersecurity researchers from eSentire told details about a mysterious cyberattack that used sophisticated installation methods for a relatively simple ransomware.

The malicious campaign was discovered when cybercriminals attempted a ransomware attack on an unnamed product security testing organization. The attack was detected and stopped before it was successful, but provided eSentire researchers with enough information to analyze the tactics, methods and procedures used.

The methods used in this ransomware campaign were similar to those of the Chinese cybercriminal group APT27 (also known as Emissary Panda). According to experts, cybercriminals could have loaded simple Hello ransomware into the victim’s IT environment and thus distract information security experts from their true motives – cyber espionage.

The hackers exploited vulnerabilities in Microsoft SharePoint and the China Chopper remote access tool, which acts as a backdoor on compromised systems. The China Chopper web shell is often used by Chinese APT groups and attackers.

Criminals also used Mimikatz to steal passwords, escalate privileges, try to disable security solutions, and execute PowerShell commands using masquerading techniques, disguising themselves as a legitimate Kaspersky Anti-Virus solution.

Using the tactics of cybercriminal groups, the attackers allegedly intended to mislead the investigation.

Hello ransomware encrypts files with the .hello extension and leaves a ransom note. Hello ransomware is fairly simple by the standards of the most famous ransomware in 2021, as the group does not threaten victims with data breaches and does not have a data breach site to publish stolen information. In addition, the ransomware-as-a-service business model does not operate like many of the most prevalent ransomware variants today.

Click to comment

Leave a Reply

Your email address will not be published.

Security

17-year-old hacker who allegedly leaked GTA 6 gameplay videos online arrested in UK

Published

on

17 year old hacker who allegedly leaked GTA 6 gameplay videos online

London police today announced the capture of a 17-year-old teenager suspected of cybercrime in Oxfordshire. At the moment, it is only reported that the arrested person is in custody.

17-year-old hacker who allegedly leaked GTA 6 gameplay videos online arrested in UK

The police declined to say what caused the arrest, but a number of facts indicate that this particular teenager, associated with the Lapsus$ hacker group, previously hacked into Uber, and recently posted screenshots and videos of GTA 6 gameplay on the Web.

In March, Bloomberg wrote that the person believed to be behind several major network hacks was a 16-year-old teenager whose home is in Oxfordshire. Uber wrote on its blog after the hack: “We believe this attacker (or attackers) is associated with a hacker group called Lapsus$, which is becoming more and more active.” A hacker who posted a GTA 6 video online claimed responsibility for the attack on Uber in forum posts.

Recall, yesterday it became known that the FBI joined the investigation into the hacking of Uber and the publication of GTA 6 materials online.

Continue Reading

Gaming

The security specialist was able to “hack” the PS5 through the same vulnerability that he used to jailbreak the PS4

Published

on

The security specialist was able to hack the PS5 through

Security specialist Andy Nguyen was able to bypass the protection of the PS5 game console and “hack” it using an old vulnerability that he also used on the PS4. It concerns the features of the exFAT file system in Sony’s implementation. In 2020, Nguyen managed to jailbreak his PS4 using the same vulnerability. As a result, the specialist received full access to the system core.

The security specialist was able to

The researcher suggested that during the transition from FreeBSD9 to FreeBSD11, the patch that closed the vulnerability somehow stopped working or was removed during the upgrade. The specialist has already reported the vulnerability to the company, which paid him $10,000. The same amount Nguyen received for the same vulnerability on PS4.

The PlayStation hack allows the user to install emulators of other consoles, play pirated versions of games, and also unlock some features that are not normally available to users.

At the same time, Nguyen explained that the error he discovered was just one of a chain of errors required for a full PlayStation 5 jailbreak. To date, the newest console has not been hacked.

Continue Reading

Phones

Only pin code, only hardcore. Locking a smartphone with a fingerprint reduces its security, says Group-IB digital forensics specialist

Published

on

Only pin code only hardcore Locking a smartphone with a

Group-IB digital forensics specialist Igor Mikhailov told the Prime agency why you should not use a fingerprint on your phone.

According to him, locking a smartphone with a fingerprint reduces its security, as the fingerprint can be copied. In addition, it is possible to unlock the gadget with someone else’s fingerprints, especially on devices with an old sensor.

Only pin code, only hardcore.  Locking a smartphone with a fingerprint reduces its security, says Group-IB digital forensics specialist

The most secure way to unlock a smartphone, according to Mikhailov, is to use complex passwords. He advised to turn off the fingerprint login and leave only the pin code.

As for unlocking a smartphone by face, Apple’s Face ID system is the most reliable, but even its enthusiasts managed to deceive with photos and masks of the owners.

Continue Reading

Most Popular