Microsoft Investigates Iranian APT Ransomware Attacks


Microsoft has published an analysis of the ransomware attacks associated with a subgroup of the Iran-linked advanced persistent threat (APT) actor Phosphorus. Phosphorus, also known as Charming Kitten, Magic Hound, NewsBeef, and APT35, is well known for targeting political opponents, media outlets, governmental institutions, and a variety of other targets, including critical infrastructure.

The DEV-0270 subgroup, also known as Nemesis Kitten, is responsible for the activities that Microsoft examined. Nemesis Kitten conducts malicious network operations such as vulnerability scanning on behalf of the Iranian government. In some of the attacks, around two days after the first compromise, the group was seen deploying a ransom note with a demand for USD 8,000 in exchange for the decryption keys.

The most recent assessment from Microsoft indicates that some of the group’s ransomware attacks appear to have been intended to generate income for individual or business-specific purposes.
