Ransomware, Malware

New Cheerscrypt ransomware attributed to Chinese hacking group

Chinese cyberespionage operation Emperor Dragonfly, also known as Bronze Starlight and DEV-0401, has been behind the new Linux-based ransomware strain Cheerscrypt, reports The Hacker News. Cheerscrypt ransomware usage by Emperor Dragonfly comes after it had deployed LockBit 2.0, Atom Silo, Rook, LockFile, NightSky, and Pandora ransomware during the past 12 months, a report from Signia showed. "Emperor Dragonfly deployed open source tools that were written by Chinese developers for Chinese users. This reinforces claims that the 'Emperor Dragonfly' ransomware operators are based in China," said Signia. Emperor Dragonfly has targeted VMware Horizon servers by exploiting the Log4Shell flaw to facilitate the distribution of an encrypted Cobalt Strike beacon, which is being deployed alongside a keylogger, the iox internet proxy utility, and the NPS tunneling software, said researchers. The report also noted that both Cheerscrypt and Emperor Dragonfly shared initial access vectors, encrypted Cobalt Strike beacon delivery, and lateral movement approaches.

Related

Total ransomware payment ban requires more prep

CyberScoop reports that achieving stronger cybersecurity resilience across critical infrastructure organizations and small- and medium-sized businesses was noted by former Acting National Cyber Director Kemba Walden to be crucial before implementing a complete ban on ransomware payments.

DDoS attacks spike in first quarter

Fifty percent more distributed denial-of-service attacks have been launched by threat actors during the first quarter of 2024 over the same period last year, with thwarted DDoS attacks increasing by 93% year-over-year, SiliconAngle reports.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.