OldGremlin
Description
(Group-IB) Group-IB Threat Intelligence team recently tracked a successful attack conducted on a Russian medical company by OldGremlin, a new criminal group. The threat actor encrypted the company’s entire corporate network and demanded a $50,000 ransom. It is common knowledge that Russian hackers have an unspoken rule about not working within Russia and post-Soviet countries. Yet OldGremlin, made up of Russian speakers, is actively attacking Russian companies: banks, industrial enterprises, medical organizations, software developers… According to Group-IB expert estimations, since the spring OldGremlin has conducted at least seven phishing campaigns. The hackers have impersonated the self-regulatory organization Mikrofinansirovaniye i Razvitiye (SRO MiR); a Russian metallurgical holding company; the Belarusian plant Minsk Tractor Works; a dental clinic; and the media holding company RBC.
Names
| Name | Name-Giver |
|---|---|
| OldGremlin | Group-IB |
Country
Motivation
- Financial crime
- Financial gain
First Seen
2020
Observed Sectors
Observed Countries
Tools
Operations
- 2021-02: Old Gremlins, new methods https://blog.group-ib.com/oldgremlin_comeback
Information
- https://www.group-ib.com/blog/oldgremlin
- https://www.group-ib.com/media-center/press-releases/oldgremlin-2022/
Other Information
Uuid
a44f6f3b-1fa2-41e1-8c75-71de568db6e4
Last Card Change
2022-11-18