Multiple software development companies in Russia and Belarus targeted by hackers

Moscow, May 23 – Over the past year, the hacker group Sneaking Leprechaun has attacked more than 30 organizations from Russia and Belarus for ransom, and most of the victims are involved in the development and integration of software (software), the News Agency told the digital risk management company Bi.zone.

He added that among the victims were companies in the fields of industry, finance, logistics, and medicine, in addition to government agencies. According to experts, this group hacked servers and penetrated the organizations’ infrastructure. But if in the classic scheme the attackers immediately encrypted the data and demanded a ransom, then in this case the criminals acted according to a different scenario, Bi.Zone noted.

To gain access to the victims’ infrastructure, the attackers used vulnerabilities in outdated versions of Bitrix, Confluence, and Webmin on servers running Linux. After a successful penetration, the attackers locked themselves in the system using malware of their own design.

“Undetected, they manually analyzed the data and copied the data they deemed valuable. The criminals contacted the company and provided evidence that they had the information. The attackers then demanded a ransom, threatening otherwise to put the stolen goods into the public domain,” the company said.