Lucene search
K

Profiling DEV-0270: PHOSPHORUS’ ransomware operations

🗓️ 07 Sep 2022 21:00:00Reported by Paul OliveriaType 
mmpc
 mmpc
🔗 www.microsoft.com👁 113 Views

Profiling DEV-0270: PHOSPHORUS’ ransomware operations. DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS, conducts malicious network operations, including widespread vulnerability scanning. They leverage exploits for high-severity vulnerabilities, use living-off-the-land binaries (LOLBINs), and abuse the built-in BitLocker tool to encrypt files on compromised devices. The group has a quick time to ransom of around two days, demanding USD 8,000 for decryption keys. They have been observed pursuing other avenues to generate income through their operations, such as posting stolen data for sale. DEV-0270 is operated by a company that functions under the public aliases of Secnerd and Lifeweb. The group is typically opportunistic in its targeting, scanning the internet to find vulnerable servers and devices. Microsoft uses DEV-#### designations as a temporary name given to an unknown, emerging, or a developing cluster of threat activity, allowing Microsoft Threat Intelligence Center (MSTIC) to track it as a unique set of information until reaching high confidence about the origin or identity of the actor behind the activity

Related

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation