New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems
Briefly

"Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News. "Given the recent development of ransomware targeting ESX, it appears that the group could be evolving its current operations to target virtualized infrastructures via VMware."
Some of the prominent sectors targeted by the cybercrime group include IT services, telecommunications, manufacturing, and healthcare.
Truesec, in an analysis published earlier this month, detailed Helldown attack chains that have been observed making use of internet-facing Zyxel firewalls to obtain initial access.
Sekoia's new analysis shows that the attackers are abusing known and unknown security flaws in Zyxel appliances to breach networks, using the foothold to steal credentials and create SSL VPN tunnels.
Read at The Hacker News