Vice Society hackers affecting global education sector

Microsoft Security Threat Intelligence has identified a cybercrime group named Vice Society (tracked as DEV-0832). It found that the group has conducted ransomware and extortion campaigns against the education sector globally, while also affecting other industries, including local government and retail.

The Microsoft Security Threat Intelligence team has identified ransomware and extortion campaigns that the cybercrime group Vice Society (tracked as DEV-0832) conducted against the education sector globally; the campaigns also affected other industries, including local government and retail. Microsoft found that the group has been shifting between ransomware payloads over time, among them BlackCat, QuantumLocker, and Zeppelin; its latest payload is a Zeppelin variant that includes Vice Society-specific extensions.

The cybercrime group has been active since June 2021 and has relied on tactics commonly used by other hackers, such as the ‘use of PowerShell scripts, misuse of legitimate tools, exploitation of publicly disclosed vulnerabilities for initial access and post-compromise elevation of privilege, and commodity backdoors like SystemBC’. In its blog, Microsoft provided hunting queries for users and guidelines for organisations to enhance their security against such attacks.