Security researchers are tracking new DDoS extortion activity by threat actor group Fancy Lazarus. The attacks have been primarily targeting US and global organizations from a range of sectors including energy, financial, insurance, manufacturing, public utilities and retail.

The group, which formerly used monikers such as Fancy Bear, Lazarus, Lazarus Group, and Armada Collective, among others, went on hiatus for around a month from April to May 2021 following a campaign of ransom DDoS attacks against global financial institutions and organizations that started in mid-to-late August 2020.

“In each case the threat actor demanded bitcoin payment or else a small-scale denial-of-service attack would be launched with a more substantial attack mere days later,” Proofpoint researchers explained in a blog post.

Now, the group has resurfaced with a new name and changes in its tactics, techniques and procedures (TTPs).

Changes to Fancy Lazarus’s DDoS attack method

These variations indicate the group’s determined effort to evolve their activities, the researchers said. The changes are the ransom pricing, reduced from 10 bitcoin to a starting price of 2 bitcoin (most likely in recognition of bitcoin’s fluctuating value), and the wording used in the emails sent to recipients.

“There are three email variants sent to the same recipients conveying the same information, except with the email body in plain text, HTML, or as a JPG image attachment. This is likely an attempt to evade detections,” the researchers wrote. Previously, the sender would, at times, include the targeted company’s highest-ranking person such as the CEO’s name.