216.73.216.67

Threat actor believed to be spreading new MedusaLocker variant since 2022

· Published 04/10/2024 10:06 · Modified 04/10/2024 12:30

Export JSON

Essential information

Published
04/10/2024 10:06
Modified
04/10/2024 12:30
Tags
2024-10-04 babylockerkz credential-theft financially-motivated iab lateral movement medusalocker ransomware
Related entities
11 observables, 9 techniques (mitre), 2 malware, 8 others

Description

A financially motivated threat actor has been active since 2022, delivering a variant called ''. The group targets organizations worldwide, with a focus shift from EU countries to South American countries in mid-2023. The actor uses a combination of publicly known attack tools and custom-built software, including a tool named 'checker'. The variant differs from the original in several aspects, such as registry keys and encryption methods. The group's aggressive tactics and high volume of attacks suggest it may be an Initial Access Broker or affiliate.

External references