{"id":6561,"date":"2022-03-14T20:17:59","date_gmt":"2022-03-14T11:17:59","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=6561"},"modified":"2022-03-30T20:20:48","modified_gmt":"2022-03-30T11:20:48","slug":"recent-google-threat-report-exposes-access-broker-linked-to-conti-and-diavol-ransomware-operations","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/recent-google-threat-report-exposes-access-broker-linked-to-conti-and-diavol-ransomware-operations\/","title":{"rendered":"Recent Google threat report exposes access broker linked to Conti and Diavol ransomware operations"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"6561\" class=\"elementor elementor-6561\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-de8d8ff elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"de8d8ff\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8e7002b\" data-id=\"8e7002b\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4c204c3 elementor-widget elementor-widget-text-editor\" data-id=\"4c204c3\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This week, Google&#8217;s Threat Analysis Group has exposed the operations of EXOTIC LILY threat group who are believed to be an initial access broker linked to the Conti and Diavol ransomware operations. 
They were first spotted exploiting a zero-day vulnerability in Microsoft MSHTML; further investigation determined that they were running large-scale phishing campaigns to target and breach corporate networks, with the resulting access sold to ransomware gangs and other threat actor groups.<\/p><p>Based on observations of the threat group, it has been determined that they are involved with the Conti ransomware gang, as they were observed deploying the BazarLoader malware on victims\u2019 networks through download links on popular file transfer sites such as WeTransfer or OneDrive. Their attack chain seems to follow a strict order: register a spoofed domain, use it to send emails, build a relationship with the target, and finally share a payload via a file-hosting service. They have also been seen creating fake LinkedIn accounts in which they claim to work for the organisation they are spoofing, using AI-generated images or images stolen from actual employees to build out the fake profile.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>This week, Google&#8217;s Threat Analysis Group has exposed the operations of EXOTIC LILY threat group who are believed to be an initial access broker linked to the Conti and Diavol ransomware operations. 
They were first spotted when they were exploiting a zero-day vulnerability in Microsoft MSHTML and then based on further investigations, it was determined that they were using large-scale<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":6566,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[225,6,12,9,2,1],"tags":[],"class_list":["post-6561","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-heavy-industry","category-latest_news","category-read_article","category-ransomware_criminals","category-ce_news","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2022\/03\/Picture1-23.jpg?fit=1379%2C921&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6561"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=6561"}],"version-history":[{"count":6,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6561\/revisions"}],"predecessor-version":[{"id":6569,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6561\/revisions\/6569"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/6566"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=6561"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=6561"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=6561"}],"curies":[{"name":"wp","href":"http
s:\/\/api.w.org\/{rel}","templated":true}]}}