
Ransomware Command-and-Control Providers Unmasked by Halcyon Researchers

2023-08-01, Halcyon
https://www.halcyon.ai/blog/report-ransomware-command-and-control-providers-unmasked-by-halcyon-researchers
Halcyon_Cloudzy_C2P_Report.pdf, 4.6 MB
#Cloudzy

Contents

The Halcyon Research and Engineering Team has published new research that details novel techniques used to unmask yet another Ransomware Economy player that is facilitating ransomware attacks and state-sponsored APT operations: Command-and-Control Providers (C2P) who sell services to threat actors while assuming a legal business profile.
While these C2P entities are ostensibly legitimate businesses that may or may not know that their platforms are being abused for attack campaigns, they nonetheless provide a key pillar of the larger attack apparatus leveraged by some of the most advanced threat actors.
In this report, titled Cloudzy with a Chance of Ransomware: Unmasking Command-and-Control Providers (C2Ps), Halcyon demonstrates a unique method for identifying C2P entities that can be used to forecast the precursors to major ransomware campaigns and other advanced attacks significantly “left of boom.” Halcyon also identifies two new, previously undisclosed ransomware affiliates Halcyon tracks as Ghost Clown and Space Kook that currently deploy …