Conti Uses New Domains After Recent Code Leaks - Warns CISA

The CISA has updated its alert on Conti ransomware with new Indicators of Compromise (IOCs). The updated alert now includes around 100 domain names employed by the gang in its malicious activities.

The alert 

The alert includes details observed by the CISA and the FBI in Conti ransomware attacks aimed at U.S. organizations. Additionally, the updated alert includes data from the U.S. Secret Service.
  • The agency released a batch of 98 domain names whose registration and naming characteristics are similar to those of domains used in Conti attacks by groups spreading the malware.
  • Moreover, the agency noted that the domains were used in malicious operations, and that some of them may have been abandoned or may share similar characteristics coincidentally.

Is Conti active right now?

Conti remains active even after the recent leaks of its source code in February. So far, it has targeted more than 1,000 organizations across the U.S. and other regions.
  • This month, Conti has already targeted two dozen victims in the U.K., the U.S., Switzerland, Canada, Italy, Serbia, Saudi Arabia, and Germany.
  • Further, some of the observed attack vectors used by Conti include Cobalt Strike and Trickbot.

Ending notes

The recent leak of internal details doesn’t seem to have affected Conti’s activities. Organizations should follow the mitigation strategies and recommendations provided in the alert. Further, security admins can use the provided IOCs for better detection of threats.
Cyware Publisher