Vice Society hackers affecting global education sector
Microsoft Security Threat Intelligence has identified a cybercrime group named Vice Society (detected as DEV-0832). It has found that the group conducted ransomware and extortion campaigns against education sectors globally, while also affecting other industries, including local government and retail sectors.
The Microsoft Security Threat Intelligence team has identified ransomware and extortion campaigns of the cybercrime group Vice Society (detected as DEV-0832) conducted against education sectors globally; the campaigns also affected various industries, including local government and retail sectors. Microsoft found that the group has been shifting payloads from BlackCat, QuantumLocker, and Zeppelin; its latest payload is a Zeppelin variant, including Vice Society-specific extensions.
The cybercrime group has been active since June 2021 and has relied on tactics commonly used by other hackers, such as the ‘use of PowerShell scripts, misuse of legitimate tools, exploitation of publicly disclosed vulnerabilities for initial access and post-compromise elevation of privilege, and commodity backdoors like SystemC’. Microsoft provided in its blog hunting queries for users and guidelines for organisations to enhance their security against such attacks.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.