Since August 2020, a new wave of ransom letters has been sent to several organizations by actors posing as “Fancy Bear,” “Armada Collective” or “Lazarus Group.” The letters are sent to a generic email address and do not always immediately reach the right person in the organization. In some cases, letters were received by subsidiaries or branches in the wrong country.
By SPTel and Radware
The letters from “Armada Collective” were an earlier outlier and used different language compared to letters from the same period and more recent extortion letters from actors posing as “Fancy Bear” and “Lazarus Group.” The latter are consistent in their use of the English language, matching up paragraph by paragraph. The letters have been improved since the start of the campaign: some typos have been fixed, some actions have been rephrased for better clarity, and press coverage of earlier DDoS attacks that impacted financial organizations has been added to instill more fear.
Who are the perpetrators, what is the cost to victims, and how should you handle such threats to your organization? Read on to learn more.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.