Threat Intelligence

Gold Melody cybercrime group identified as IAB

Cybercrime operation Gold Melody, also known as UNC961 and Prophet Spider, has been discovered by SecureWorks Counter Threat Unit researchers to be an initial access broker peddling compromised network access for further attacks, according to The Hacker News. Five attacks deployed by Gold Melody from July 2020 to July 2022 involved the exploitation of vulnerabilities dating back to 2016 for initial access, followed by web shell distribution and directory creation within the compromised host, a SecureWorks report showed. Gold Melody then proceeds with extensive environment scanning before facilitating credential harvesting, lateral movement, and data theft, but all of the reported attacks failed. "Gold Melody acts as a financially motivated IAB, selling access to other threat actors. The buyers subsequently monetize the access, likely through extortion via ransomware deployment," said researchers, who emphasized the importance of robust patching practices amid the operation's focus on flaws impacting internet-exposed servers.
