Ontario security company uncovers ransomware gang affiliate pledging allegiance to Russia

TORONTO — An Ontario security software company says it has discovered a new affiliate of a ransomware gang that has pledged allegiance to Russia carrying out attacks with threat emulation technology.

Waterloo, Ont.-based eSentire says its threat response unit has been tracking an affiliate of Conti since August and discovered the group used Cobalt Strike in two attacks around Valentine’s Day, as tensions between Russia and Ukraine were escalating.

The firm calls Cobalt Strike “the Swiss army knife of cyber intrusions” because the tool can replicate and launch sophisticated cyberattacks that can test security detections, protections and response systems, but is being used by threat actors to compromise IT environments and spread throughout networks.

The threat response unit intercepted an attack using Cobalt Strike to try to breach an unnamed children’s charity and, hours later, found it being used to target a legal firm.

It says Conti is made up of sophisticated ransomware developers and operators known for compromising and disrupting the operations of health-care organizations, emergency services, municipalities, oil transportation and electric companies, and schools.

Conti claimed responsibility for a cyberattack on a Quebec smelter Rio Tinto operates earlier this month.
