Former Conti Team One threat actors have been operating Royal ransomware, which has been used in a slew of cyberattacks between September and December, SecurityWeek reports.
Royal ransomware was noted by Trend Micro researchers to be a rebrand of the Zeon ransomware, which was linked in August to Conti Team One, one of the groups behind the Conti ransomware gang, which has been dismantled following a significant data leak stemming from the gang's support for Russia amid the ongoing Russia-Ukraine war.
U.S. and Brazilian organizations have been the main targets of Royal ransomware, which is being delivered through callback phishing attacks that involve downloads of remote access software.
Royal ransomware operators proceed to leverage the remote access malware to facilitate the deployment of additional payloads, including CobaltStrike and QakBot.
The report also showed that aside from using RClone for data exfiltration, Royal ransomware has also been utilizing PsEXEC for ransomware execution.
One year after its emergence in the threat landscape, Alpha ransomware has been discovered to resemble the Netwalker ransomware-as-a-service operation that was dismantled in January 2021, BleepingComputer reports.