The hackers claiming responsibility for the attacks on a trio of major UK retailers in recent weeks are believed to have ties to the Russian government.
The DragonForce ransomware gang claimed responsibility for cyber attacks on 3 UK retail giants - Marks & Spencer (M&S), Co-op and Harrods.
Now, researchers from Halcyon have suggested that the group may have ties to the Kremlin based on their stance against affiliates and other hackers targeting Russia and former Soviet nations.
“Any attack by our software on critical infrastructure, hospitals where patients, children, and the elderly are kept, or on the countries of the former Soviet Union, is a PROVOCATION [sic] by unscrupulous partners,” the group said.
“We, as regulators, are doing our best to counteract this, and we will punish any violations, as well as assist in solving the problems of the affected parties.”
The message seems to be addressed to its affiliates, other hacking groups and members of the group's new partner system, through which it allows other hackers to use its infrastructure while retaining their own identity and brand. DragonForce calls this a “white label” model.
The group adds that it is “not here to kill” but just “to make money and do business.”
Halcyon says this stance allows the group to make money while also doing work for the Russian Federation without fear of consequence from the Kremlin.
“Let’s call it like it is: ransomware is a dual-purpose weapon. While crews like DragonForce are making money from their attacks, they are also doing Moscow’s dirty work at the same time.
“When a ransomware gang openly declares their tooling can’t be used against Russian infrastructure or former Soviet states and they threaten to “punish” anyone who crosses that line, they’re revealing the direct connection between ransomware and Russian state-sponsored operations.
“This is the playbook: ransomware operators rake in millions while acting as proxy attackers for the Russian government. Meanwhile, the Kremlin gets to sit back with clean hands and deny everything.”
Analysts have also theorised that the cyber attacks on the 3 UK retailers may have been carried out not by DragonForce itself but by its affiliate, Scattered Spider.
This idea first appeared after BleepingComputer reported that M&S engaged Microsoft, CrowdStrike, and Fenix24 for an investigation into the breach, which had concluded that Scattered Spider was behind the incident.
Scattered Spider, or Octo Tempest as Microsoft calls them, is a hacking group largely made up of teenagers and young adults believed to be based in the UK and the US.
The group is believed to have close ties to the DragonForce ransomware gang, with some saying they are one of DragonForce’s affiliates. It was also noted that the M&S attack was done using DragonForce ransomware, suggesting that Scattered Spider may be part of its new partner program.
Halcyon has also said that investigators have concluded that it was DragonForce infrastructure used in the 3 cyber attacks, not the tools of Scattered Spider.