CISA Updates Conti Ransomware Alert with Around 100 Domain Names

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents

 

The US Cybersecurity and Infrastructure Security Agency (CISA) has upgraded the Conti ransomware advisory to include indications of compromise (IoCs) that comprise almost 100 domain names utilized in criminal operations. 
The advisory, which was first issued on September 22, 2021, contains facts about Conti ransomware assaults that attacked organizations in the United States, as observed by CISA and the Federal Bureau of Investigation (FBI). It’s worth noting that the US Secret Service’s data is included in the latest cybersecurity advisory. Internal data from the Conti ransomware operation began to surface at the end of February after the group publicly declared their support for Russia in the Ukraine invasion. 
The leak came from a Ukrainian researcher, who originally issued private messages exchanged by the members of the group and then released the source code for the ransomware, administrative panels, and other tools. Domains used in compromises with BazarBackdoor, the malware used to gain initial access to networks of high-value targets, were also found in the cache of data. Conti, according to CISA, has infiltrated over 1,000 businesses around the world, with TrickBot malware and Cobalt Strike beacons being the most common attack vectors. 
The agency has published a list of 98 domain names that have “registration and naming characteristics identical” to those used in Conti ransomware attacks. While some of the domains were used in malicious operations, the agency warns that others of them may

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: