Iranian Hackers Targeting Companies In India Using Dharma Ransomware: Reports

Singapore-headquartered cybersecurity firm Group-IB has found that an Iranian group of newbie hackers recently targeted companies in India, Russia, Japan and China for financial gain. ALSO READ | Corona Vaccine Sputnik V: Russia Reaches Out To India For Collaboration On Vaccine, To Share Data As Well, Claim Sources The attacks were carried out in June using Dharma ransomware and a mix of publicly available tools, Group-IB said on Monday. All the affected organisations had hosts with Internet-facing RDP (Remote Desktop) and weak credentials. The hackers typically demanded a ransom between 1-5 BTC (Bitcoin), the company said. The value of one Bitcoin is currently believed to be more than Rs 8,46,387. Researchers with Group-IB recently observed increased activities around Dharma ransomware distribution. Dharma, also known as Crysis, has been distributed under a ransomware-as-a-service (RaaS) model at least since 2016. Its source code popped up for sale in March 2020 making it available to a wider audience, Group-IB said. ALSO READ | Prashant Bhushan Contempt Case: SC Reserves Verdict On Quantum Of Sentence, Says 'Not Right Behaviour' During an incident response engagement for a company in Russia, Group-IB's Digital Forensics and Incident Response (DFIR) team established that Persian-speaking newbie hackers were behind a new wave of Dharma distribution. Even though the exact number of victims is unknown, the discovered forensic artifacts allowed them to establish the geography of their campaigns and the toolset, which is far behind the level of sophistication of big league Iranian APTs (advanced persistent threats), the company said. The attacks came at a time when the pandemic exposed a great number of vulnerable hosts with many employees working from homes.