North Korean Hacking Group H0lyGh0st Has Been Targeting Small Businesses for Nearly a Year
Powerful Mantis botnet has targeted nearly 1,000 Cloudflare customers, Illicit addresses account for nearly a quarter of funds sent to mixers, Lawmakers seek to curb VPN abuses, much more
Check out my latest CSO column, which delves into the details of the Cyber Safety Review Board’s first report focusing on the log4j vulnerability.
Researchers at Microsoft Threat Intelligence Center (MTIC) say that an emerging threat cluster that calls itself H0lyGh0st, tracked by Microsoft as DEV-0530, has connections to a North Korea-based group known as Plutonium and has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021.
Targeted entities primarily include small-to-midsize businesses such as manufacturing organizations, banks, schools, and event and meeting planning companies. “The group’s standard methodology is to encrypt all files on the target device and use the file extension .h0lyenc, send the victim a sample of the files as proof, and then demand payment in Bitcoin in exchange for restoring access to the files,” MTIC says.
Ransom amounts demanded by DEV-0530 range between 1.2 and 5 b…