ZDNet reports that the Conti ransomware gang has continued operations despite the recent leak of its internal communications and hiring practices, which followed the group's expression of support for Russia's invasion of Ukraine.
According to an NCC Group report, Conti has used a range of initial access vectors: phishing messages laced with the Qakbot malware, attacks on unpatched Microsoft Exchange servers, exploitation of VPN and Log4j vulnerabilities, and other publicly available exploits.
The group has also continued to exfiltrate substantial amounts of data and encrypt victims' networks as it conducts double extortion attacks. The persistence of these tactics should prompt organizations to patch known security flaws immediately.
The report also urged businesses to implement strong password policies and multi-factor authentication, and advised information security teams to monitor their networks so that suspicious activity is flagged promptly, before a ransomware attack can unfold.
Conti ransomware attacks persist despite leaks