The Sneaking Leprechaun hacker group has reportedly attacked more than 30 software development organizations from Russia and Belarus within a year for ransom, the digital risk management company Bi.Zone told DEA News.
The source also said that the victims included companies from the industrial, financial, logistics and pharmaceutical sectors, as well as government institutions.
According to experts, the group infiltrated the companies’ infrastructure by hacking servers. However, Bi.Zone noted that, whereas in the classic scheme attackers immediately encrypt the data and demand a ransom, these hackers behaved differently.
The hackers exploited vulnerabilities in older versions of Bitrix, Confluence, and Webmin on servers running Linux to gain access to companies’ infrastructure. Once inside, the attackers gained a foothold in the system using proprietary malware. They then manually reviewed the data and copied valuable information.
“The attackers later demanded a ransom and threatened otherwise to make the stolen goods publicly available,” Bi.Zone said.
Earlier, hackers from the Leak Wolf group, without using malware and posing as real employees of organizations, stole data from more than 40 Russian companies.