TORONTO — An Ontario security software company says it has discovered a new affiliate of a ransomware gang that has pledged allegiance to Russia carrying out attacks with threat emulation technology.
Waterloo, Ont.-based eSentire says its threat response unit has been tracking an affiliate of Conti since August and discovered the group used Cobalt Strike in two attacks around Valentine’s Day, as tensions between Russia and Ukraine were escalating.
Get breaking National news
The firm calls Cobalt Strike “the Swiss army knife of cyber intrusions” because the tool can replicate and launch sophisticated cyberattacks that can test security detections, protections and response systems, but is being used by threat actors to compromise IT environments and spread throughout networks.
- 2 kids from northern Alberta still missing, mom and her partner wanted for abduction
- Rare mistrial declared on Frank Stronach sexual assault conviction: defence
- Convoy organizer Pat King guilty of intimidation, Appeal Court rules
- Laos charges in deadly tourist methanol poisoning not harsh enough: parents
The threat response unit intercepted an attack using Cobalt Strike to try to breach an unnamed children’s charity and hours later, found it being used to target a legal firm.
It says Conti is comprised of sophisticated ransomware developers and operators known for compromising and disrupting the operations of health-care organizations, emergency services, municipalities, oil transportation and electric companies and schools.
Conti claimed responsibility for a cyberattack on a Quebec smelter Rio Tinto operates earlier this month.
Comments
Comments closed.
Due to the sensitive and/or legal subject matter of some of the content on globalnews.ca, we reserve the ability to disable comments from time to time.
Please see our Commenting Policy for more.