The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: DiskCryptor

Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks

Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks

May 12, 2022Ravie Lakshmanan
A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion (aka APT35, Charming Kitten, Newscaster, or Phosphorus). "Elements of Cobalt Mirage activity have been  reported  as  Phosphorus  and  TunnelVision ," Secureworks Counter Threat Unit (CTU)  said  in a report shared with The Hacker News. The threat actor is said to have conducted two different sets of intrusions, one of which relates to opportunistic ransomware attacks involving the use of legitimate tools like  BitLocker  and DiskCryptor for financial gain. The second set of attacks are more targeted, carried out with the primary goal of securing access and gathering intelligence, while also depl
Hacker Group 'Moses Staff' Using New StrifeWater RAT in Ransomware Attacks

Hacker Group 'Moses Staff' Using New StrifeWater RAT in Ransomware Attacks

February 01, 2022Ravie Lakshmanan
A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar. Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware " StrifeWater ." "The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst,  said  in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions." Moses Staff came to light towards the end of last year when Check Point Research  unmasked  a series of attacks aimed at Israeli or
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.