SafeBreach Labs cybersecurity experts: The threat actor infects victims via Farsi phishing emails with a PowerShell stealer malware.
REvil (Sodinokibi) operators start a recruitment operation for affiliates. Bleeping Computer cybersecurity experts: The group behind the malware put $1 million on a hacker forum to show its “force”. It is looking for skilled penetration testers and hackers.
REvil (Sodinokibi) ransomware operators have started a recruitment operation, depositing $1 million in bitcoins on a Russian-speaking hacker forum. The objective is to show that they are at the top. According to Bleeping Computer cybersecurity experts, REvil announced that it is once again recruiting new affiliates to distribute its malware. As part of this recruitment drive, the gang is looking for teams of hackers skilled at penetration testing or experienced individuals. This means that potential affiliates are vetted and interviewed before they are allowed to join the program.

Many ransomware operations are run as Ransomware-as-a-Service (RaaS), where developers are in charge of developing the malware and payment site, and affiliates are recruited to hack businesses and encrypt their devices. As part of this arrangement, the ransomware developers receive a 20-30% cut, and an affiliate gets 70-80% of the ransom payments they generate.