From infostealer development to data exfiltration, cloud service providers are increasingly being abused by threat actors for malicious schemes. While in this case the ransomware samples we examined contained hard coded AWS credentials, this is specific to this single threat actor and in general, ransomware developers leverage other online services as part of their tactics.
In line with this, Trend Micro examined ransomware samples written in Go language (aka Golang), targeting Windows and MacOS environments. Most of the samples contained hard-coded AWS credentials, and the stolen data were uploaded to an Amazon S3 bucket controlled by the threat actor.
Read more…
Source: Trend Micro
Related:
- ‘NetWalker’ Ransomware Attacker Gets 20 Years in Prison
December 21, 2024
Romanian national Daniel Christian Hulea pleaded guilty to computer fraud conspiracy and wire fraud conspiracy. NetWalker ransomware attacks often targeted the healthcare sector during the COVID-19 pandemic. The attacker obtained nearly 1,600 Bitcoin ransomware payments as a result of his attacks, netting him and another affiliate about $21.5 million. Hulea is being ordered to forfeit these ...
- Beware Feb. 3, 2025 – Diabolic Ransomware Gang Issues New Attack Warning
December 21, 2024
If you thought law enforcement had not only disrupted the LockBit ransomware operation, alongside trolling the criminal gang behind it but taken it out of business altogether, then you are likely in for a shock: LockBitSupp, the group’s alleged leader, has warned LockBit 4 will return next year. In fact, a dark web posting said the ...
- 240,000 Credit Union Members Exposed
December 20, 2024
A recent data breach at SRP Federal Credit Union, based in South Carolina, has left over 240,000 members vulnerable to potential identity theft and financial fraud. Between Sept. 5 and Nov. 4, 2024, hackers accessed sensitive personal data, including Social Security numbers, driver’s license information, dates of birth and financial account details. The ransomware group Nitrogen ...
- BellaCPP: Discovering a new BellaCiao variant written in C++
December 20, 2024
BellaCiao is a .NET-based malware family that adds a unique twist to an intrusion, combining the stealthy persistence of a webshell with the power to establish covert tunnels. It surfaced for the first time in late April 2023 and has since been publicly attributed to the APT actor Charming Kitten. One important aspect of the BellaCiao samples ...
- Ukraine Hit By Massive Cyber Attack
December 20, 2024
Ukraine government databases, described as critically important infrastructure, have been hit by a cyber attack that’s being blamed on Russia. Deputy prime minister Olha Stefanishyna said it was the largest external cyber attack on the state registers of Ukraine in recent times. “As a result of a targeted attack, the work of the Unified and State Registers, ...
- Ransomware attack on health giant Ascension hits 5.6 million patients
December 20, 2024
A May ransomware attack on Ascension, a U.S. healthcare giant with more than 140 hospitals and dozens of senior living facilities, allowed hackers to steal personal and sensitive health information on 5.6 million patients, according to a new filing with Maine’s attorney general. The cyberattack caused widespread disruption across its hospital system, with some staff describing ...