According to Google, Conti members redirected their attacks to Ukraine

The redeployment of these cybercriminals will come as no surprise. Google’s cyberthreat experts have just observed a significant shift by former members of Conti, a highly active ransomware gang that broke apart after its internal exchanges were leaked amid controversy over the war in Ukraine. Specifically, this concerns a group that security researchers call UAC-0098, known for using, among other tools, the IcedID banking trojan.

These cybercriminals, who specialize in infiltrating computer networks on behalf of ransomware operators like Conti or Quantum, in fact turned their tools on Ukrainian targets in the spring, according to the Google Threat Intelligence Group.

Goal alignment

Google sees this as an example of cybercriminals shifting to activities “closely associated with the Russian government.” For researchers at the Mountain View giant, these attacks show how porous the line is in Eastern Europe between cybercrime and government-linked computer harassment.

At the end of April, Google observed a first email phishing campaign. The cybercriminals were then caught attacking Ukrainian hotels while posing as the Ukrainian cyberpolice.

Similarly, in May they tried to make their targets believe they were working for Starlink, the satellite communications system that billionaire Elon Musk expanded into Ukraine after the Russian invasion. In another campaign, they impersonated the Ukrainian tax service.

The latest examples detailed by Google involve the cybercriminals targeting humanitarian NGOs in Italy and the Ukrainian Press Academy.
