According to a report from Sophos X-Ops, Mad Liberator sent an AnyDesk connection authorization request to one organization; once the request was approved, the attackers executed a binary that mimicked a Windows update screen, giving them control of the device and access to a linked OneDrive account as well as files on a centralized server. Mad Liberator then exfiltrated files via the AnyDesk FileTransfer facility, used Advanced IP Scanner to scan for other devices that could be breached, and ran a ransom note, Sophos X-Ops researchers said. The intrusion lasted nearly four hours and ended with device control being returned to the victim.
Source: SC Magazine