National Cyber Warfare Foundation (NCWF) Forums


The Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal


0 user ratings
2024-07-17 06:48:29
milo
Ransomware
Microsoft said that in Q2 2024, the Octo Tempest cybercrime gang added RansomHub and Qilin ransomware to its arsenal. In the second quarter of 2024, financially motivated threat actor Octo Tempest (aka Scattered Spider, UNC3944, and 0ktapus), added RansomHub and Qilin ransomware to its arsenal and used them in its campaigns. Octo Tempest has been active […


Microsoft said that in Q2 2024, the Octo Tempest cybercrime gang added RansomHub and Qilin ransomware to its arsenal.





In the second quarter of 2024, financially motivated threat actor Octo Tempest (aka Scattered Spider, UNC3944, and 0ktapus), added RansomHub and Qilin ransomware to its arsenal and used them in its campaigns.





Octo Tempest has been active since early 2022, it made the headlines with the 0ktapus campaign that is suspected of hacking into hundreds of organizations over the past two years, including TwilioLastPassDoorDash, and Mailchimp.





The Octo Tempest is known for its advanced social engineering, identity compromise, and persistence tactics. The gang frequently targets VMWare ESXi servers and deploys BlackCat ransomware.





RansomHub is a ransomware as a service (RaaS) that was employed in the operations of multiple threat actors. Microsoft reported that RansomHub was observed being deployed in post-compromise activity by the threat actor tracked as Manatee Tempest following initial access by Mustard Tempest via FakeUpdates/Socgholish infections.

















​The Qilin ransomware operation has been active since August 2022 and the Qilin group claimed the hack of over 130 companies.





Like many other ransomware groups, Qilin operators carry out attacks with a double-extortion model.





Recently, Qilin ransomware operators hit pathology services provider Synnovis, NHS England confirmed the attack had a severe impact of multiple London hospitals, forcing them to cancel more than hundreds of scheduled operations.





Pierluigi Paganini





Follow me on Twitter: @securityaffairs and Facebook and Mastodon





(SecurityAffairs – hacking, ransomware)



Source: SecurityAffairs
Source Link: https://securityaffairs.com/165811/cyber-crime/octo-tempest-ransomhub-qilin-ransomware.html


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Ransomware



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.