Google’s Threat Analysis Group (TAG) has identified a new initial access broker that it alleges is closely affiliated with a Russian cyber-crime gang infamous for its Conti and Diavol ransomware operations.

The financially motivated threat actor, dubbed Exotic Lily, has been detected exploiting a recently patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444).

The exploit is used in phishing campaigns that send 5000 business proposal-themed emails every day to 650 targeted organisations worldwide.

“Initial access brokers are the opportunistic locksmiths of the security world, and it’s a full-time job,” TAG researcher Vlad Stolyarov said. “These groups specialise in breaching a target in order to open the doors — or the Windows — to the malicious actor with the highest bid.”

The post New “initial access broker” working with Conti gang appeared first on IT Security Guru.

