New Threat Actor Exotic Lily Is an Access Broker for Russian Hackers, Including the Conti Gang
Russia says it's facing unprecedented wave of hacking attacks, CISA warns of SATCOM threats, Anonymous seemingly took control of cameras inside Russia to display message, much more
Google’s Threat Analysis Group observed a financially motivated threat actor it calls Exotic Lily working as an intermediary for Russian hackers, including the Conti ransomware gang.
The group acts as an initial access broker, finding vulnerable organizations and selling access to their networks to the highest bidder, freeing up ransomware gangs such as Conti to focus on the execution phase of an attack. Exotic Lily directs targets to spoofed domains via email campaigns. It tees up malware infection by setting up social media profiles and using AI-generated images of human faces to pose as legitimate employees before sending spear-phishing emails under the pretext of a business proposal.
Google’s researchers confirm Exotic Lily’s relationship with a Russian cybercrime group tracked as Wizard Spider (also known as UNC1878), which is linked to the notorious Ryuk ransomware used to target businesses, hospitals and institutions since 2018. (Carly Page / TechCrunch)
Related: Slashdot, Cyberscoop, Benzinga, Goo…