Russian organizations attacked by OldGremlin ransomware gang

Numerous Russian organizations in the banking, logistics, insurance, industrial, real estate, retail and software development sectors have been targeted by the Russian ransomware group OldGremlin, also known as TinyScouts, in 16 phishing campaigns between 2020 and 2022, according to The Hacker News. OldGremlin, first identified in September 2020, impersonates tax and legal firms in phishing emails that carry links to malicious files, a Group-IB report found. The group creates scheduled tasks for persistence and uses Cobalt Strike to facilitate privilege escalation, including through two local privilege escalation vulnerabilities in Cisco AnyConnect, tracked as CVE-2020-3153 and CVE-2020-3433, while maintaining remote access through TeamViewer and other legitimate tools. "OldGremlin has debunked the myth that ransomware groups are indifferent to Russian companies. Despite the fact that OldGremlin has been focusing on Russia so far, they should not be underestimated elsewhere. Many Russian-speaking gangs started off by targeting companies in post-Soviet space and then switched to other geographies," said Group-IB Dynamic Malware Analysis Team Head Ivan Pisarev.
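The scheduled-task persistence mentioned above is one of the few OldGremlin behaviors a defender can hunt for directly in Windows telemetry. The script below is an added example written for this page, not Group-IB's detection logic and not an artifact from the campaigns; it scans constructed Windows Security event ID 4698 ("A scheduled task was created") records, flattened to one line each in an assumed `ts 4698 user=... task=... cmd="..." args="..."` format, and flags tasks whose binary runs from a user-writable directory, that launch a living-off-the-land binary with hidden or encoded arguments, or that hide under a `\Microsoft\Windows\` task path while pointing outside the Windows directory. The task names, accounts, paths and rule thresholds are all assumptions for illustration.

```python
import re
from typing import Dict, List, Optional

# Constructed sample events (not real telemetry), one flattened 4698 record per line.
# Format assumed for this example: "<ts> <event_id> user=<acct> task=<name> cmd="<exe>" args="<args>""
SAMPLE_EVENTS = [
    r'2022-10-21T09:14:02Z 4698 user=CORP\j.ivanov task=\Microsoft\Windows\WindowsUpdate\Update cmd="C:\Users\j.ivanov\AppData\Roaming\svchost.exe" args=""',
    r'2022-10-21T09:20:11Z 4698 user=NT AUTHORITY\SYSTEM task=\Microsoft\Windows\Defrag\ScheduledDefrag cmd="%windir%\system32\defrag.exe" args="-c -h -o -$"',
    r'2022-10-21T11:03:45Z 4698 user=CORP\a.petrova task=\OneDriveSync cmd="powershell.exe" args="-nop -w hidden -enc SQBFAFgAIAAoAE4A..."',
    r'2022-10-21T12:40:09Z 4698 user=CORP\admin task=\Backup cmd="C:\Program Files\Backup\backup.exe" args="/full"',
]

# Parser for the assumed flattened record layout. The user field may contain a space
# (e.g. "NT AUTHORITY\SYSTEM"), so it is matched non-greedily up to " task=".
EVENT_RE = re.compile(
    r'^(?P<ts>\S+) (?P<eid>\d+) user=(?P<user>.+?) task=(?P<task>\S+) '
    r'cmd="(?P<cmd>[^"]*)" args="(?P<args>[^"]*)"$'
)

# Directories a standard user can write to; persistence binaries dropped by phishing
# payloads typically live here rather than under Program Files or Windows.
USER_WRITABLE_RE = re.compile(
    r'\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\', re.IGNORECASE
)
# Legitimate Microsoft-named tasks should execute from the Windows directory.
WINDOWS_DIR_RE = re.compile(r'^(%windir%|%SystemRoot%|C:\\Windows)\\', re.IGNORECASE)
# Living-off-the-land binaries commonly used as stagers for Cobalt Strike and similar.
LOLBINS = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "rundll32.exe",
    "regsvr32.exe", "wscript.exe", "cscript.exe", "certutil.exe",
}
# Hidden windows, encoded commands or remote URLs in task arguments are rarely benign.
SUSPICIOUS_ARGS_RE = re.compile(
    r'(^|\s)-(e|ec|enc|encodedcommand)\b|(^|\s)-w(indowstyle)?\s+hidden|https?://',
    re.IGNORECASE,
)


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Return the record's fields as a dict, or None if the line does not match."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None


def classify(ev: Dict[str, str]) -> List[str]:
    """Apply the three hunting rules to one parsed 4698 event; return the rules that fired."""
    reasons: List[str] = []
    cmd, args, task = ev["cmd"], ev["args"], ev["task"]
    exe = cmd.replace("/", "\\").rsplit("\\", 1)[-1].lower()

    if USER_WRITABLE_RE.search(cmd):
        reasons.append("exec_from_user_writable_dir")
    if exe in LOLBINS and SUSPICIOUS_ARGS_RE.search(args):
        reasons.append("lolbin_with_hidden_or_encoded_args")
    if task.lower().startswith("\\microsoft\\windows\\") and not WINDOWS_DIR_RE.match(cmd):
        reasons.append("microsoft_task_path_but_binary_outside_windows_dir")
    return reasons


def analyze(lines: List[str]) -> Dict[str, List[str]]:
    """Map each suspicious task name to the list of rules it triggered; skip non-4698 or unparsable lines."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["eid"] != "4698":
            continue
        reasons = classify(ev)
        if reasons:
            findings[ev["task"]] = reasons
    return findings


if __name__ == "__main__":
    for task, reasons in analyze(SAMPLE_EVENTS).items():
        print(f"{task}: {', '.join(reasons)}")
```

On the constructed input the benign Defrag and Backup tasks are ignored, the `svchost.exe` dropped under `AppData` fires two rules (user-writable path and a Microsoft-looking task path pointing outside the Windows directory), and the PowerShell task fires on its hidden, encoded command line. In production the same rules would be applied to parsed 4698 XML (or Sysmon event 1 with `schtasks.exe` as parent) rather than to this flattened format, and the allow-list of trusted paths would need tuning per environment.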
