A new group, Monti, appears to have used leaked Conti code, TTPs, and infrastructure approaches to launch its own ransomware campaign.
Analysts have discovered a ransomware campaign from a new group called "Monti," which relies almost entirely on leaked Conti code to launch attacks.
The Monti group emerged with a round of ransomware attacks over the Independence Day weekend, and was able to successfully exploit the Log4Shell vulnerability to encrypt 20 BlackBerry user hosts and 20 servers, BlackBerry's Research and Intelligence Team reported.
After further analysis, researchers discovered that the indicators of compromise (IoCs) for the new ransomware attacks were the same as in previous Conti ransomware attacks, with one twist: Monti incorporates the Acrion 1 Remote Monitoring and Maintenance (RMM) Agent.
But rather than being Conti reborn, the researchers said they believe Monti lifted Conti's infrastructure when it was leaked last spring, during February and March.
"As additional ransomware-as-a-service (RaaS) solution builders and source code become leaked, either publicly or privately, we could continue to see these doppelganger-like ransomware groups proliferate," the BlackBerry team added. "General familiarity with the TTPs [tactics, techniques and procedures) of known groups can help us identify any unique traits of these lookalike crews."
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024