Russia-Linked Group Expands Ransomware Threat by Stealing Google Chrome Credentials
by DEM0N_PP - Monday August 26, 2024 at 09:23 AM
#1
The Russia-linked cybercrime group Qilin, believed to be responsible for the June attacks that disrupted several U.K. hospitals, has now escalated its tactics by stealing credentials stored within Google Chrome browsers. This new development adds a surprising and alarming twist to the already dangerous threat posed by ransomware attacks.

Qilin, though a relatively new player in the cybercrime world, has quickly gained notoriety for its Ransomware-as-a-Service (RaaS) operations. The group first emerged in October 2022 and has since been linked to a series of high-profile attacks. The latest analysis by researchers from the Sophos X-Ops team reveals that Qilin has adopted a new tactic that amplifies the damage caused by ransomware attacks.

During a recent investigation, the researchers uncovered that Qilin operators were not only deploying ransomware to cripple their targets but also simultaneously stealing credentials from Google Chrome browsers on certain endpoints within the victim’s network. This dual approach not only deepens the immediate impact of the ransomware attack but also extends the threat by compromising sensitive data and potentially enabling further breaches. This tactic, described by the Sophos X-Ops team as a “bonus multiplier for the chaos already inherent in ransomware situations,” significantly broadens the scope of the attack, putting more organizations at risk. The ability to steal browser-stored credentials allows the attackers to reach beyond the initial target, potentially compromising additional systems and networks.

As Qilin continues to evolve its methods, cybersecurity experts are urging organizations to remain vigilant, particularly in securing endpoints and educating users about the risks of storing sensitive credentials in web browsers. The incident underscores the growing complexity and sophistication of ransomware attacks, highlighting the need for robust, multi-layered security strategies.

Source: https://www.forbes.com/sites/daveywinder...eat-twist/