At a glance.
- Pyongyang's [un]H0lyGh0st.
- Phishing in the IPFS.
- Update on the initial access criminal-to-criminal market and its effect on MSPs.
- Cyber gangs move away from malicious macros.
- Rewards for Justice seeks some righteous snitches.
- Anonymous's hacktivism in a hybrid war.
- CISA releases three ICS security advisories.
Digital Shadows has released a report that offers more information on the North Korean ransomware group H0lyGh0st, described earlier by Microsoft on July 14th. H0lyGh0st targets small and medium-sized businesses for financial gain in ransomware attacks, and is known to use double extortion, which researchers define as “combining an encryption of data and services with deliberate data exfiltration.” The group also operates a data leak site for victims’ data. Operating out of North Korea has its challenges for the group, however: it will probably have to pay a percentage of its profits to the government. It will doubtless find it difficult to communicate, and so have difficulty learning new techniques and recruiting new talent. H0lyGh0st is also known to charge a lower ransom than most gangs, asking for 1.2 to 5 Bitcoin, and is willing to lower ransoms in negotiations.
Researchers believe that H0lyGh0st is a North Korean state-linked group, even though privateers and pure criminals are significantly less likely in a place where state intelligence does its stealing directly. We asked Digital Shadows about this, and Ivan Righi, senior threat intelligence analyst at Digital Shadows, offered a candid answer: “The exact relationship between H0lyGh0st and North Korea is also unclear. However, it is highly likely that H0lyGh0st is at least a state-encouraged threat group, meaning that they could be backed or supported by the North Korean government in one way or another. In addition, it is likely that the group has to share its profits with the North Korean government, as it is difficult to believe that the group would be able to operate without any type of supervision or limitations.”