AhnLab cybersecurity researchers: The malware is downloaded and executed from a WSF file within a compressed file, delivered via URL in phishing emails.
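The delivery chain described above (a script file inside an archive, fetched from a URL in a phishing email) is one that mail gateways and endpoint tooling can check for before the archive is opened by a user. The following is an added example, not code from AhnLab or from the original report: it builds a constructed sample archive in memory containing a harmless placeholder WSF file next to a text file, then scans the archive's member list for script-type extensions. The extension set is an assumption for this example; it goes slightly beyond the page by also flagging other Windows Script Host types and double-extension names such as `invoice.pdf.wsf`.

```python
import io
import zipfile

# Extensions that Windows hands to the Windows Script Host or mshta when
# double-clicked. Assumed list for this example; tune it to your environment.
SCRIPT_EXTENSIONS = {".wsf", ".js", ".jse", ".vbs", ".vbe", ".wsh", ".hta"}


def risky_members(archive_bytes: bytes) -> list[str]:
    """Return archive member names whose final extension is a script type.

    Only the last suffix is examined, so double-extension lures such as
    'invoice.pdf.wsf' (shown as 'invoice.pdf' when extensions are hidden)
    are still caught.
    """
    flagged = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            ext = name[name.rfind("."):] if "." in name else ""
            if ext in SCRIPT_EXTENSIONS:
                flagged.append(info.filename)
    return flagged


def build_sample_archive() -> bytes:
    """Constructed sample archive mimicking the described lure layout.

    Contents are inert placeholders: a text file and an empty WSF job
    element with no script body.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "constructed sample text for this example")
        zf.writestr("invoice.pdf.wsf", "<job></job>")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_archive()
    print("flagged members:", risky_members(sample))
```

Listing members with `infolist()` reads only the archive's central directory, so no member is extracted or executed during the check; a hit is a reason to quarantine the attachment for analysis rather than to deliver it.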
Trend Micro: A fake DarkSide campaign targets the Energy and Food sectors. A low-level attacker is trying to profit off the current situation around the ransomware group.
A fake DarkSide campaign has targeted the Energy and Food sectors; it was detected by Trend Micro cybersecurity experts. Several companies have recently received threatening emails supposedly from the cybercrime gang behind the Colonial Pipeline ransomware attack. In these emails, the senders claim to have successfully hacked the target's network and gained access to sensitive information, which will be disclosed publicly if a ransom of 100 bitcoins is not paid. However, the content of the emails has led researchers to believe that they came from an opportunistic low-level attacker trying to profit off the current situation around DarkSide, rather than from the group itself. The email makes no attempt to prove that confidential or sensitive information has actually been obtained. Furthermore, no content has been encrypted. Finally, the threat actors cited JBS as the victim of one of their recent attacks; that attack, however, was not attributed to DarkSide but to REvil (aka Sodinokibi).