Microsoft links Scattered Spider hackers to Qilin ransomware attacks

Microsoft says the Scattered Spider cybercrime gang has added Qilin ransomware to its arsenal and is now using it in attacks.

"In the second quarter of 2024, financially motivated threat actor Octo Tempest, our most closely tracked ransomware threat actor, added RansomHub and Qilin to its ransomware payloads in campaigns," Microsoft said Monday.

After surfacing in early 2022, this threat group (also tracked as Octo Tempest, UNC3944, and 0ktapus) achieved notoriety following their 0ktapus campaign that targeted over 130 high-profile organizations, including Microsoft, Binance, CoinBase, T-Mobile, Verizon Wireless, AT&T, Slack, Twitter, Epic Games, Riot Games, and Best Buy.

The English-speaking gang has also encrypted MGM Resorts' systems after joining BlackCat/ALPHV ransomware as an affiliate in mid-2023 and was linked by Symantec to the RansomHub ransomware-as-a-service.

In November, the FBI and CISA issued an advisory highlighting Scattered Spider's tactics, techniques, and procedures (TTPs). These include impersonating IT employees to trick customer service staff into providing them with credentials or gaining persistence on targets' networks using remote access tools.

Other tactics they're known to use for initial network access include phishing, MFA bombing (aka MFA fatigue), and SIM swapping.

The Qilin ransomware operation that Scattered Spider just joined surfaced in August 2022 under the "Agenda" name but was rebranded as Qilin just one month later.

Over the last two years, the Qilin gang has claimed over 130 companies on its dark web leak site; however, their operators weren't active until attacks picked up towards the end of 2023.

Since December 2023, Qilin has also been developing one of the most advanced and customizable Linux encryptors to target VMware ESXi virtual machines, which enterprise organizations favor for their light resource needs.

Like many other ransomware groups targeting businesses, Qilin operators infiltrate a company's networks and extract data as they move through the victim's systems.

After obtaining admin credentials and collecting all sensitive data, they deploy the ransomware payloads to encrypt all network devices and leverage the stolen data to carry out double-extortion attacks.

So far, BleepingComputer has seen Qilin ransom demands ranging from as low as $25,000 to millions of dollars, depending on the victim's size.

Last month, the CEO of the UK's National Cyber Security Centre (NCSC) linked Qilin to a ransomware attack that hit pathology services provider Synnovis in early June and impacted several major NHS hospitals in London, forcing them to cancel hundreds of operations and appointments.

Copyright 2003-2024 Bleeping Computer LLC. All Rights Reserved.