Corporate Data Sold to Ransomware Hackers
The dark web hackers who make up the dangerous ransomware group known as Conti have joined forces with the Diavol hackers. This is the latest dark web news, revealing a devastating ransomware operation that is set to cripple global businesses in 2022. However, Google spoiled its impending reign of terror when its cybersecurity analysts discovered the newly formed malware threat.
The analysts exposed the hacking operations of the group named “EXOTIC LILY,” an access broker that features prominently in the Diavol and Conti hackers’ ransomware threats. According to reports, the new hacking group was detected when it tried to exploit a zero-day vulnerability associated with Microsoft MSHTML (CVE-2021-40444).
Once the group was discovered to be tied to the infamous Conti hackers, it piqued the Google cyber analysts’ interest as a sophisticated hacking group. Cutely dubbed “EXOTIC LILY,” it has been linked through further analysis to dark web hackers as the initial access broker for some of the most sophisticated ransomware gangs. It is reported that EXOTIC LILY is the catalyst for large-scale phishing campaigns targeted at some of the largest businesses around the globe.
EXOTIC LILY has proven to be a well-organized phishing campaign that works to infiltrate 650 corporate businesses in a single day. The extensive hacking scheme involves more than 5,000 emails sent to each client on their targeted list.
Profitable Malware Business
The analysis of the hackers’ weekly schedule shows that the dark web hackers operate their business like a regular company. Phishing campaigns were run in a regular 9-to-5 shift setting, with most hacking activity taking place between 09:00 AM and 05:00 PM EST.
However, the weekends seemed to be the hackers’ off days, as only limited activity was reported then. This latest research shows that cyber hackers operate in a regular 9-to-5 job setting. This was also shown by the devastating leak recently carried out against the Conti hackers by a Ukrainian researcher.
A peek into the hijacked Conti files shows that dark web hackers report to managers, receive paychecks, and, most astonishingly, even get to request vacation days.
Additionally, with the windfall profits that hacking groups have realized from launching phishing campaigns, ransomware, and malware attacks, they have even formed different groups for members. Some hackers are responsible for performing back-end technical tasks. These assignments involve customizing business proposal templates and uploading malware payloads to file-sharing services, where the links can be accessed by targeted hacking groups.
On the operational side, EXOTIC LILY hackers have stolen the images and information of targeted companies’ employees, which they used to create LinkedIn business profiles and other fake social media accounts.