Fancy Bear imposters are on a hacking extortion spree
Ransomware attacks that tear through corporate networks can bring massive organizations to their knees. But even as these hacks reach new popularity highs—and new ethical lows—among attackers, it's not the only technique criminals are using to shake down corporate victims. A new wave of attacks relies instead on digital extortion—with a side of impersonation.
On Wednesday, the Web security firm Radware published extortion notes that had been sent to a variety of companies around the world. In each of them, the senders purport to be from the North Korean government hackers Lazarus Group, or APT38, and Russian state-backed hackers Fancy Bear, or APT28. The communications threaten that if the target doesn’t send a set number of bitcoin—typically equivalent to tens or even hundreds of thousands of dollars—the group will launch powerful distributed denial of service attacks against the victim, walloping the organization with a fire hose of junk traffic strategically directed to knock it offline.
This type of digital extortion—give us what we’re asking for and we won’t attack you—has resurfaced repeatedly throughout the last decade. But in recent months, criminals have attempted to capitalize on fear about high-profile nation-state attacks, combined with anxieties related to rising ransomware attacks, to try to make some extra money.