Counteracting Nation-State-Sponsored Cyberattack Groups – Security Boulevard


Today’s most dangerous cyberattack tactics can often be traced back to 2020, when Nobelium infiltrated SolarWinds and compromised hundreds of organizations in the U.S. Most recently, Nobelium continued to target U.S. resellers and cloud service providers to gain access to their downstream customers.

During the fall of 2021, Microsoft released best practices and guidance for thwarting Nobelium attacks.

Wizard Spider

With origins in St. Petersburg, Russia, Wizard Spider is the leading operator of various hacking tools such as BazarLoader, TrickBot, Ryuk and, most notoriously, Conti. The Conti ransomware variant has proven incredibly successful, netting over $150 million.

Multifactor authentication can prevent initial network penetration, and segmented networks can prevent hackers from restricting access to backup drives.

Ghostwriter (UNC1151)

Identified by cybersecurity firm Mandiant, Ghostwriter is best known for its disinformation campaigns spread using stolen identities of notable journalists and government officials. While its initial cyberattacks involved impersonating prominent figures, the group soon graduated to DDoS attacks to knock Ukrainian government websites offline and to sending malware to Ukrainian civilians.


Lockbit

While it’s not as notable as other ransomware groups, Lockbit is quickly gaining notoriety, and the number of cyberattacks is expected to increase with the release of a reworked 2.0 version. It has been known to avoid targeting systems local to Russia and is suspected to have worked with the government in the past. Like most ransomware, Lockbit targets government organizations and enterprises.

WhisperGate, HermeticWiper and IsaacWiper

In contrast to ransomware, which aims to hold data hostage, WhisperGate, HermeticWiper and IsaacWiper are purpose-built to destroy data and leave systems inoperable. As cyberattacks continue to be waged against organizations in Ukraine, the risk of collateral damage to organizations outside the country has become a real possibility. Potential distribution methods of the malware include standard communication tools.

How to Protect Your Organization From Cyberattacks

As Congress considers legislation that would require organizations to report cyberattacks, organizations will have to increase their cybersecurity budgets. Continued cybersecurity neglect could have adverse effects on a business’s revenue or decrease stakeholder and customer confidence. Below, we outline what your organization can do to protect itself in this new age of cyberwarfare.

Increase Vulnerability Management: The number-one attack vector for APT groups is neglected network exposures and out-of-date software with known exploits. Increase your scanning frequency and coverage, and prioritize based on the greatest risk.
