Ontario security company uncovers ransomware gang affiliate using Cobalt Strike


TORONTO - An Ontario security software company says it has discovered a new affiliate of a ransomware gang that has pledged allegiance to Russia carrying out attacks with threat emulation technology.

This article was published 21/03/2022 (1357 days ago), so information in it may no longer be current.


Waterloo, Ont.-based eSentire says its threat response unit has been tracking an affiliate of Conti since August and discovered the group used Cobalt Strike in two attacks around Valentine’s Day, as tensions between Russia and Ukraine were escalating.

The firm calls Cobalt Strike “the Swiss army knife of cyber intrusions” because the tool can replicate and launch sophisticated cyberattacks that can test security detections, protections and response systems, but is being used by threat actors to compromise IT environments and spread throughout networks.

A woman uses a computer keyboard in North Vancouver, B.C., on Wednesday, December 19, 2012. An Ontario security software company says it has discovered a new affiliate of a ransomware gang that has pledged allegiance to Russia carrying out attacks with threat emulation software. THE CANADIAN PRESS/Jonathan Hayward

The threat response unit intercepted an attack using Cobalt Strike to try to breach an unnamed children’s charity and, hours later, found it being used to target a legal firm.

It says Conti is comprised of sophisticated ransomware developers and operators known for compromising and disrupting the operations of health-care organizations, emergency services, municipalities, oil transportation and electric companies and schools.

Earlier this month, Conti claimed responsibility for a cyberattack on a Quebec smelter operated by Rio Tinto.

This report by The Canadian Press was first published March 21, 2022.
