As cyber attacks using ransomware grow more serious around the world, it has emerged that files that appear to be an "attack manual" used by a hacker group said to be among the most damaging have leaked onto a dark site.

Experts say the files reveal the hacker group's attack methods and can help in taking countermeasures.

What was leaked is a file that appears to be an attack manual of a hacker group called "Conti". According to Mitsui Bussan Secure Direction, an information security company, it confirmed that the file was uploaded on the night of the 5th, Japan time, to a Russian dark site where hackers exchange information.



The file that appears to be the leaked attack manual contained tools for finding out what kinds of servers and terminals exist inside an organization, such as a company, that has been breached by hacking, tools for sending the stolen data out to the cloud, and a list of commonly used passwords.



It also describes how to break into servers that store backup data, what kinds of files should be stolen depending on the target, and how to carry out an attack that exploits the vulnerability known as "Zerologon", which makes it possible to break into a core server without using a password.



Cyber attacks using ransomware appear to be divided between hacker groups like "Conti", which develop the viruses and negotiate the ransom, and execution units that actually carry out the attacks using the viruses. This time, a post recruiting ransomware developers and members of the execution unit was also found on the dark site, and it stated that "There is paid leave for remote work 5 days a week".



Cyber attacks using ransomware are becoming more serious around the world; in May, the largest pipeline in the United States was attacked and shut down.



Attacks in which data is stolen from a company in advance and a ransom is then demanded are increasing, and "Conti" is said to be one of the most clever and damaging of the many hacker groups in the world.



Takashi Yoshikawa of Mitsui Bussan Secure Direction, the information security company that analyzed the files, said, "I found out that not only easy passwords but also backup data are targeted. It is necessary to take measures to block the route as much as possible and detect suspicious programs as soon as possible."