A subgroup of the Iranian threat actor known as Phosphorus is allegedly carrying out ransomware attacks as a “kind of moonlighting” for personal gain, according to Microsoft’s threat intelligence team.
Microsoft said the subgroup is run by a business that uses the public names Secnerd and Lifeweb, citing infrastructure overlaps between the group and the two firms. The company tracks the activity cluster as DEV-0270 (also known as Nemesis Kitten). To maintain operational security and stealth, the threat group frequently leverages native WMI, net, CMD, and PowerShell commands, according to Microsoft.
To conceal their presence, they also install their modified binaries and pass them off as legitimate processes.