North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware

An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021.

The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is tracked by the Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation Microsoft assigns to unknown, emerging, or developing clusters of threat activity.

Targeted entities primarily include small-to-midsize businesses such as manufacturing organizations, banks, schools, and event and meeting planning companies.

“Along with their H0lyGh0st payload, DEV-0530 maintains an .onion site that the group uses to interact with their victims,” the researchers said in a Thursday analysis.

“The group’s standard methodology is to encrypt all files on the target device and use the file extension .h0lyenc, send the victim a sample of the files as proof, and then demand payment in Bitcoin in exchange for restoring access to the files.”
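The encrypt-and-rename behaviour described above leaves a host-level signal that can be hunted: a burst of file renames to the .h0lyenc extension on one machine. The following is an added example written for this article, not Microsoft's tooling or anything from the group; the log format (timestamp|host|op|path), the 60-second window, the threshold of 20 renames, and the sample events are all constructed here, and only the .h0lyenc extension comes from the reporting (the exact way the payload builds the new file name is not stated, so the check keys on the extension alone).

```python
"""Hunt for ransomware-style mass renames to the .h0lyenc extension.

Added example for this article, not Microsoft's or the group's own code.
The log format (timestamp|host|op|path), the window/threshold values and the
sample events are all constructed here; only the .h0lyenc extension comes
from the reporting.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

H0LYGH0ST_EXT = ".h0lyenc"          # extension reported for H0lyGh0st
WINDOW = timedelta(seconds=60)      # assumed: look back 60 s per host
THRESHOLD = 20                      # assumed: renames per host per window


def parse_event(line: str):
    """Parse 'ISO-UTC|host|op|path' (constructed format) into a tuple."""
    ts, host, op, path = line.split("|", 3)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, op, path


def detect_mass_rename(log_text: str, ext: str = H0LYGH0ST_EXT,
                       window: timedelta = WINDOW, threshold: int = THRESHOLD) -> dict:
    """Return {host: time of first alert} for hosts that rename at least
    `threshold` files to `ext` within any `window`-long span.

    A sliding deque per host keeps only timestamps inside the window, so a
    slow trickle of renames (backup tooling, user activity) does not fire
    while an encryption burst does.
    """
    recent = defaultdict(deque)
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, op, path = parse_event(line)
        if op != "RENAME":
            continue
        # Destination path is the part after ' -> ' in a rename record.
        dst = path.split(" -> ", 1)[-1]
        if not dst.lower().endswith(ext):
            continue
        q = recent[host]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts


# Constructed sample: benign activity, one stray rename on FS01, then
# 25 renames to .h0lyenc on WS01 within 25 seconds.
SAMPLE_LOG = "\n".join(
    [
        "2022-07-01T01:00:00Z|WS01|WRITE|C:\\Users\\a\\notes.txt",
        "2022-07-01T01:00:05Z|FS01|RENAME|D:\\share\\q.docx -> D:\\share\\q_v2.docx",
        "2022-07-01T01:05:00Z|FS01|RENAME|D:\\share\\old.xlsx -> D:\\share\\old.xlsx.h0lyenc",
    ]
    + [
        f"2022-07-01T01:10:{i:02d}Z|WS01|RENAME|C:\\Users\\a\\f{i}.docx -> C:\\Users\\a\\f{i}.docx.h0lyenc"
        for i in range(25)
    ]
)

if __name__ == "__main__":
    for host, when in detect_mass_rename(SAMPLE_LOG).items():
        print(f"ALERT {host}: {THRESHOLD}+ renames to {H0LYGH0ST_EXT} by {when.isoformat()}Z")
```

This is a scoping and containment aid rather than prevention: by the time renames to .h0lyenc appear, encryption on that host is already under way, and the value of the alert is in isolating the machine and identifying which other hosts and shares show the same pattern. The single FS01 rename in the sample deliberately stays below threshold, since one stray file is a much weaker signal than a burst.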

Ransom amounts demanded by DEV-0530 range anywhere between 1.2 and 5 bitcoins, although an analysis of the attacker’s cryptocurrency wallet shows no successful ransom payments from its victims as of early July 2022.

DEV-0530 is believed to have connections with another North Korea-based group known as Plutonium (aka DarkSeoul or Andariel), a sub-group operating under the Lazarus umbrella (aka Zinc or Hidden Cobra).

The group's scheme also borrows the double-extortion tactic now standard among ransomware crews: victims are pressured to pay or risk having their stolen information published on social media.

DEV-0530’s dark web portal claims it aims to “close the gap between the rich and poor” and “help the poor and starving people,” in a tactic that mirrors another ransomware family called GoodWill that compels victims into donating to social causes and providing financial assistance to people in need.

The technical breadcrumbs tying the group to Andariel are overlaps in infrastructure and communications between email accounts controlled by the two attacker collectives, along with DEV-0530 activity being consistently observed during Korea Standard Time (UTC+09:00).
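The time-zone observation above is a standard attribution analytic: convert the UTC timestamps of observed activity into candidate local zones and see which one puts most of it inside a working day. The following is an added example for this article, not Microsoft's tooling; the 09:00-17:59 weekday window, the set of candidate offsets, and the ten sample timestamps are all assumed or constructed, and the sample is deliberately built so that KST scores best.

```python
"""Time-zone consistency check used in operator attribution.

Added example for this article (not Microsoft's tooling). Given UTC timestamps
of observed attacker activity, it scores candidate UTC offsets by the share of
events that land in a local working-hours window. The business-hours window,
the candidate offsets and the sample timestamps are all assumed/constructed.
"""
from datetime import datetime, timedelta, timezone

BUSINESS_HOURS = range(9, 18)     # assumed: 09:00-17:59 local
WEEKDAYS = range(0, 5)            # Monday..Friday

# Candidate offsets; KST is the article's claim, the others are controls.
CANDIDATES = {
    "UTC+09:00 (KST)": 9,
    "UTC+08:00": 8,
    "UTC+03:00": 3,
    "UTC-05:00": -5,
}


def parse_utc(s: str) -> datetime:
    """Parse 'YYYY-MM-DDTHH:MMZ' into an aware UTC datetime."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%MZ").replace(tzinfo=timezone.utc)


def business_hours_fraction(utc_events, offset_hours: int) -> float:
    """Fraction of events that fall on a weekday inside BUSINESS_HOURS
    after shifting each timestamp to UTC+offset_hours."""
    if not utc_events:
        return 0.0
    tz = timezone(timedelta(hours=offset_hours))
    hits = 0
    for ts in utc_events:
        local = ts.astimezone(tz)
        if local.weekday() in WEEKDAYS and local.hour in BUSINESS_HOURS:
            hits += 1
    return hits / len(utc_events)


def rank_time_zones(utc_events, candidates=CANDIDATES):
    """Return [(name, fraction)] sorted best-first."""
    scored = [(name, business_hours_fraction(utc_events, off))
              for name, off in candidates.items()]
    return sorted(scored, key=lambda kv: kv[1], reverse=True)


# Constructed sample: ten events, Mon 4 Jul to Fri 8 Jul 2022, 00:05-08:20 UTC,
# i.e. 09:05-17:20 in KST.
SAMPLE_EVENTS = [parse_utc(s) for s in [
    "2022-07-04T00:30Z", "2022-07-04T02:15Z", "2022-07-05T04:40Z", "2022-07-05T06:05Z",
    "2022-07-06T07:50Z", "2022-07-06T01:10Z", "2022-07-07T03:30Z", "2022-07-07T08:20Z",
    "2022-07-08T00:05Z", "2022-07-08T05:45Z",
]]

if __name__ == "__main__":
    for name, frac in rank_time_zones(SAMPLE_EVENTS):
        print(f"{name:16s} {frac:.0%} of activity in local working hours")
```

On its own this is weak evidence: VPN exit nodes, shift work, scheduled tasks and a small sample can all skew the histogram, and neighbouring offsets such as UTC+08:00 score nearly as well in the sample. That is why the article's attribution leans on the infrastructure and email-account overlaps and treats the KST timing as corroboration rather than proof.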

“Despite these similarities, differences in operational tempo, targeting, and tradecraft suggest DEV-0530 and Plutonium are distinct groups,” the researchers pointed out.

In a sign of active development, four different variants of the H0lyGh0st ransomware were churned out between June 2021 and May 2022 to target Windows systems: BTLC_C.exe, HolyRS.exe, HolyLock.exe, and BLTC.exe.

While BTLC_C.exe (dubbed SiennaPurple) is written in C++, the other three versions (codenamed SiennaBlue) are programmed in Go, suggesting an attempt on the part of the adversary to develop cross-platform malware.

The newer strains also come with improvements to their core functionality, including string obfuscation, the ability to delete scheduled tasks, and the ability to remove themselves from infected machines.

The intrusions are said to have been facilitated through the exploitation of unpatched vulnerabilities in public-facing web applications and content management systems (e.g., CVE-2022-26352), with the resulting access used to drop the ransomware payloads and exfiltrate sensitive data prior to encrypting the files.

The findings come a week after the U.S. cybersecurity and intelligence agencies warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021.

The expansion from financial heists to ransomware is viewed as yet another tactic adopted by the North Korean government to offset losses from sanctions, natural disasters, and other economic setbacks.

But given that the set of victims is narrower than is typically associated with state-sponsored activity against cryptocurrency organizations, Microsoft theorized the attacks could be a side hustle for the threat actors involved.

“It is equally possible that the North Korean government is not enabling or supporting these ransomware attacks,” the researchers said. “Individuals with ties to Plutonium infrastructure and tools could be moonlighting for personal gain. This moonlighting theory might explain the often-random selection of victims targeted by DEV-0530.”

The ransomware threat evolves in a post-Conti world

The development also comes as the ransomware landscape evolves with existing and new ransomware groups, namely LockBit, Hive, Lilith, RedAlert (aka N13V), and 0mega, even as the Conti gang formally shuttered its operations in response to a massive leak of its internal chats.

Adding fuel to the fire, LockBit’s improved successor also comes with a brand new data leak site that allows any actor to purchase data plundered from victims, not to mention incorporating a search feature that makes it easier to surface sensitive information.

Other ransomware families have also incorporated similar capabilities in an attempt to create searchable databases of information stolen during attacks. Notable among this list are PYSA, BlackCat (aka ALPHV), and the Conti offshoot known as Karakurt, according to a report from Bleeping Computer.

Based on statistics gathered by Digital Shadows, 705 organizations were named in ransomware data leak websites in the second quarter of 2022, marking a 21.1% increase from Q1 2022. The top ransomware families during the period consisted of LockBit, Conti, BlackCat, Black Basta, and Vice Society.
