Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure

Aug. 20, 2024, 8:56 a.m.

Description

CloudSEK's threat research team uncovered a ransomware attack impacting banks and payment providers in India. The attack, initiated through a compromised Jenkins server at Brontoo Technology Solutions, a vendor in those institutions' supply chain, is attributed to the RansomEXX ransomware group. The group gains initial access through phishing and the exploitation of exposed vulnerabilities, and relies on legitimate administrative tools for lateral movement. It exfiltrates data before encryption to enable double extortion and demands significant ransom payments, often negotiating based on the victim's perceived ability to pay. The attack highlights supply chain risk and the need for robust security practices across critical vendors and the ecosystems that depend on them.

Date

Published: Aug. 20, 2024, 8:35 a.m.
Created: Aug. 20, 2024, 8:35 a.m.
Modified: Aug. 20, 2024, 8:56 a.m.

Indicators

File hashes (SHA-256)

b89742731932a116bd973e61628bbe4f5d7d92b53df3402e404f63003bac5104

ec2a22d92dd78e37a6705c8116251fabdae2afecb358b32be32da58008115f77

ad635630ac208406cd28899313bef5d4e57dba163018dfb8924de90288e8bab3

981e6f2584f5a4efa325babadcb0845528e8147f3e508c2a1d60ada65f87ce3c

78147d3be7dc8cf7f631de59ab7797679aba167f82655bcae2c1b70f1fafc13d

62e9d5b3b4d5654d6ec4ffdcd7a64dfe5372e209b306d07c6c7d8a883e01bead

48460c9633d06cad3e3b41c87de04177d129906610c5bbdebc7507a211100e98

5c3569c166654eed781b9a2a563adec8e2047078fdcbafcdef712fabf2dd3f57

335d1c6a758fcce38d0341179e056a471ca84e8a5a9c9d6bf24b2fb85de651a5

09c99e37121722dd45a2c19ff248ecfe2b9f1e082381cc73446e0f4f82e0c468

259670303d1951b6b11491ddf8b76cad804d7a65525eac08a5b6b4473b42818b

URLs

http://iq3ahijcfeont3xx.sm4i8smr3f43.com

https://iq3ahijcfeont3xx.tor2web.blutmagie.de

http://iq3ahijcfeont3xx.fenaow48fn42.com
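As an added example that is not part of the CloudSEK report, the Python below takes the indicators listed above, separates the SHA-256 file hashes from the URLs, and matches both against a constructed proxy log and a constructed file hash inventory. It also treats the 16-character label shared by the three URLs as a v2 onion address sitting in front of tor2web-style gateway domains and flags that label behind any gateway, which is an assumption on my part rather than something the report states; the log lines, hostnames, paths and the `gateway.example` domain are constructed.

```python
import re

# Indicators copied from the report above: eleven SHA-256 file hashes and three URLs.
REPORT_IOCS = [
    "b89742731932a116bd973e61628bbe4f5d7d92b53df3402e404f63003bac5104",
    "ec2a22d92dd78e37a6705c8116251fabdae2afecb358b32be32da58008115f77",
    "ad635630ac208406cd28899313bef5d4e57dba163018dfb8924de90288e8bab3",
    "981e6f2584f5a4efa325babadcb0845528e8147f3e508c2a1d60ada65f87ce3c",
    "78147d3be7dc8cf7f631de59ab7797679aba167f82655bcae2c1b70f1fafc13d",
    "62e9d5b3b4d5654d6ec4ffdcd7a64dfe5372e209b306d07c6c7d8a883e01bead",
    "48460c9633d06cad3e3b41c87de04177d129906610c5bbdebc7507a211100e98",
    "5c3569c166654eed781b9a2a563adec8e2047078fdcbafcdef712fabf2dd3f57",
    "335d1c6a758fcce38d0341179e056a471ca84e8a5a9c9d6bf24b2fb85de651a5",
    "09c99e37121722dd45a2c19ff248ecfe2b9f1e082381cc73446e0f4f82e0c468",
    "259670303d1951b6b11491ddf8b76cad804d7a65525eac08a5b6b4473b42818b",
    "http://iq3ahijcfeont3xx.sm4i8smr3f43.com",
    "https://iq3ahijcfeont3xx.tor2web.blutmagie.de",
    "http://iq3ahijcfeont3xx.fenaow48fn42.com",
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
URL_RE = re.compile(r"^https?://([^/\s]+)")
# Sixteen base32 characters is the shape of a v2 .onion service name. The three
# report URLs put one such label in front of different tor2web-style gateway
# domains, so the label is treated as the stable part worth matching (assumption).
ONION_V2_RE = re.compile(r"^[a-z2-7]{16}$")


def classify(iocs):
    """Split the indicator list into hash, host and onion-label sets."""
    hashes, hosts, labels = set(), set(), set()
    for ioc in iocs:
        value = ioc.strip().lower()
        if SHA256_RE.match(value):
            hashes.add(value)
            continue
        m = URL_RE.match(value)
        if m:
            host = m.group(1)
            hosts.add(host)
            label = host.split(".")[0]
            if ONION_V2_RE.match(label):
                labels.add(label)
    return hashes, hosts, labels


def match_host(host, hosts, labels):
    """Return 'exact-host', 'onion-label' or None for a host seen in traffic."""
    host = host.lower().rstrip(".")
    if host in hosts:
        return "exact-host"
    if host.split(".")[0] in labels:
        return "onion-label"  # same onion address behind a gateway the report did not list
    return None


def scan(proxy_log, file_hashes, iocs=REPORT_IOCS):
    """Match proxy log lines ('time src method url status') and a
    {path: sha256} inventory against the indicators; returns a list of hits."""
    hashes, hosts, labels = classify(iocs)
    hits = []
    for line in proxy_log.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        m = URL_RE.match(parts[3].lower())
        if not m:
            continue
        kind = match_host(m.group(1), hosts, labels)
        if kind:
            hits.append(("url", kind, parts[1], parts[3]))
    for path, digest in file_hashes.items():
        if digest.lower() in hashes:  # normalise case before comparing
            hits.append(("file", "sha256", path, digest.lower()))
    return hits


# Constructed sample inputs, not taken from the report: three proxy log lines
# and a two-entry file hash inventory with a hypothetical build-server path.
SAMPLE_PROXY_LOG = """\
2024-08-19T22:14:05Z 10.20.5.17 GET http://iq3ahijcfeont3xx.fenaow48fn42.com/ 200
2024-08-19T22:15:11Z 10.20.5.17 GET https://iq3ahijcfeont3xx.gateway.example/chat 200
2024-08-19T22:16:40Z 10.20.5.42 GET https://updates.example.com/patch.msi 200
"""
SAMPLE_FILE_HASHES = {
    r"C:\Users\svc_build\AppData\Local\Temp\svc.exe":
        "B89742731932A116BD973E61628BBE4F5D7D92B53DF3402E404F63003BAC5104",
    r"C:\Windows\System32\notepad.exe": "0" * 64,  # placeholder, not an IOC
}

if __name__ == "__main__":
    for hit in scan(SAMPLE_PROXY_LOG, SAMPLE_FILE_HASHES):
        print(*hit)
```

Exact host matches are the high-confidence signal; the onion-label matches are lower confidence and deserve analyst review, since tor2web gateways are shared infrastructure and the same label would also appear for unrelated traffic to that onion service.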

Attack Patterns

RansomEXX

T1003.003 OS Credential Dumping: NTDS

T1021.002 Remote Services: SMB/Windows Admin Shares

T1567.002 Exfiltration Over Web Service: Exfiltration to Cloud Storage

T1003.001 OS Credential Dumping: LSASS Memory

T1569.002 System Services: Service Execution

T1021.001 Remote Services: Remote Desktop Protocol

T1543.003 Create or Modify System Process: Windows Service

T1078.003 Valid Accounts: Local Accounts

T1074.001 Data Staged: Local Data Staging

T1490 Inhibit System Recovery

T1059.003 Command and Scripting Interpreter: Windows Command Shell

T1059.001 Command and Scripting Interpreter: PowerShell

T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

T1562.001 Impair Defenses: Disable or Modify Tools

T1005 Data from Local System

T1489 Service Stop

T1486 Data Encrypted for Impact

T1082 System Information Discovery

T1057 Process Discovery

T1566.001 Phishing: Spearphishing Attachment

T1046 Network Service Discovery

T1140 Deobfuscate/Decode Files or Information

T1027 Obfuscated Files or Information

T1041 Exfiltration Over C2 Channel

T1190 Exploit Public-Facing Application

T1078 Valid Accounts

T1068 Exploitation for Privilege Escalation

CVE-2024-23897 (Jenkins CLI arbitrary file read; weekly 2.441 and earlier, LTS 2.426.2 and earlier)
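CVE-2024-23897 is the Jenkins CLI arbitrary file read fixed in Jenkins 2.442 and LTS 2.426.3; weekly 2.441 and earlier and LTS 2.426.2 and earlier are affected. The report does not say that this is how the Brontoo Jenkins server was compromised, so the following is an added example for triaging your own Jenkins inventory by version, not a description of the attack. It is not code from CloudSEK or the Jenkins project; the hostnames and version values are constructed, and in practice the version would come from each instance's `X-Jenkins` response header.

```python
import re

# Fixed versions from the Jenkins security advisory of 2024-01-24 for
# CVE-2024-23897: weekly 2.442 and LTS 2.426.3. Anything older on the
# respective release line is affected.
FIXED_WEEKLY = (2, 442)
FIXED_LTS = (2, 426, 3)

# Weekly releases have two components (2.441); LTS releases have three (2.426.2).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Parse a Jenkins version string into a tuple of ints."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Jenkins version: {text!r}")
    return tuple(int(x) for x in m.groups() if x is not None)


def is_vulnerable(version):
    """True if this Jenkins version predates the fix for CVE-2024-23897.

    A three-component version is on an LTS line and is compared against the
    LTS fix; a two-component version is a weekly release and is compared
    against the weekly fix. An LTS line newer than 2.426 (for example 2.440.1)
    sorts above FIXED_LTS and is correctly reported as not vulnerable.
    """
    v = parse_version(version)
    return v < FIXED_LTS if len(v) == 3 else v < FIXED_WEEKLY


def triage(inventory):
    """inventory: {hostname: X-Jenkins header value}. Returns hosts still exposed."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))


# Constructed inventory with hypothetical hosts; not from the report.
SAMPLE_INVENTORY = {
    "ci-build01.corp.example": "2.426.2",  # LTS, affected
    "ci-build02.corp.example": "2.426.3",  # LTS, fixed
    "ci-weekly.corp.example": "2.441",     # weekly, affected
    "ci-lab.corp.example": "2.440.1",      # LTS line released after the fix
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: Jenkins {SAMPLE_INVENTORY[host]} predates the CVE-2024-23897 fix")
```

Version alone sets the patch priority. Until an instance is upgraded, the advisory's workaround is to disable access to the CLI, and instances that grant Overall/Read to anonymous users deserve the earliest attention because the file read is reachable by more callers there.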

Additional Information

Finance

British Indian Ocean Territory

India