Financially motivated hackers with ties to the notorious Conti cybercrime group are repurposing their resources for use against targets in Ukraine, indicating that the threat actor’s activities closely align with the Kremlin’s invasion of its neighboring country, a Google researcher reported on Wednesday.
Since April, a group researchers track as UAC-0098 has carried out a series of attacks that has targeted hotels, non-governmental organizations, and other targets in Ukraine, CERT UA has reported in the past. Some of UAC-0098’s members are former Conti members who are now using their sophisticated techniques to target Ukraine as it continues to ward off Russia’s invasion, Pierre-Marc Bureau, a researcher in Google’s Threat Analysis Group, said.
An unprecedented shift
“The attacker has recently shifted their focus to targeting Ukrainian organizations, the Ukrainian government, and European humanitarian and non-profit organizations,” Bureau wrote. “TAG assesses UAC-0098 acted as an initial access broker for various ransomware groups including Quantum and Conti, a Russian cybercrime gang known as FIN12 / WIZARD SPIDER.”