BleepingComputer reports that popular security researchers are being incriminated by the novel and widely distributed data wiper dubbed "Azov Ransomware."
Aside from falsely claiming that security researcher Hasherezade developed the data wiper, Azov Ransomware also purports that other security researchers, including Vitali Kremez, Michael Gillespie, Lawrence Abrams, and MalwareHunterTeam, as well as BleepingComputer, are part of its operation. The included ransom note indicates that device encryption had been done as a form of protest against inadequate Western assistance to Ukraine amid the country's ongoing war with Russia.
Threat actors behind the Azov wiper are believed to have bought installs via the SmokeLoader malware botnet to enable the data wiper's delivery.
BleepingComputer has noted victims whose data was double-encrypted with Azov and STOP ransomware, with SmokeLoader distributed simultaneously.
Malware operators have tried to frame security researchers before: Apocalypse ransomware in 2016 renamed one of its strains to frame Fabian Wosar, and Maze ransomware in 2020 attempted to frame Vitali Kremez.
TechCrunch reports that U.S. conservative think tank The Heritage Foundation was working on addressing a cyberattack against its systems last week, but investigation into whether any of its data was compromised is still underway.
Nexperia had some of its servers confirmed to be compromised in a cyberattack last month following a report from Dutch broadcast firm RTL detailing attackers' claims of having exfiltrated hundreds of gigabytes of data from the Chinese-owned Dutch semiconductor manufacturer, according to Cybernews.
Iranian state-backed threat operation MuddyWater, also known as TA450, Mango Sandstorm, and Boggy Sandstorm, has leveraged the novel DarkBeatC2 command-and-control infrastructure tool as part of its latest attack campaign, The Hacker News reports.