Former Conti Team One threat actors have been operating Royal ransomware, which has been used in a slew of cyberattacks between September and December, SecurityWeek reports.
Royal ransomware was noted by Trend Micro researchers to be a rebrand of the Zeon ransomware, which was linked in August to Conti Team One, one of the groups behind the Conti ransomware gang, which has been dismantled following a significant data leak stemming from the gang's support for Russia amid the ongoing Russia-Ukraine war.
U.S. and Brazilian organizations have been the main targets of Royal ransomware, which is being delivered through callback phishing attacks that involve downloads of remote access software.
Royal ransomware operators proceed to leverage the remote access malware to facilitate the deployment of additional payloads, including CobaltStrike and QakBot.
The report also showed that aside from using RClone for data exfiltration, Royal ransomware has also been utilizing PsEXEC for ransomware execution.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news