BTC $57054.0562
ETH $3243.0497
BNB $394.9600
SOL $108.4177
XRP $0.5865
stETH $3239.3493
ADA $0.6239
AVAX $39.2702
DOGE $0.0977
TRX $0.1428
wstETH $3750.7519
DOT $8.3691
LINK $19.0300
WETH $3348.6813
MATIC $1.0282
UNI $10.8579
WBTC $56903.9273
IMX $3.3452
ICP $13.0217
BCH $292.5040
LTC $74.0124
CAKE $3.1570
ETC $28.0992
LEO $4.3640
FIL $7.6578
KAS $0.1689
RNDR $7.2011
DAI $1.0000
ATOM $11.2097
HBAR $0.1082
INJ $40.1071
VET $0.0489
TON $2.1280
OKB $51.4855
FDUSD $0.9985
LDO $3.4670
STX $2.9465
XMR $135.8398
XLM $0.1230
ARB $1.8948
NEAR $3.9608
TIA $17.0031
WEMIX $2.3756
GRT $0.2795
ENS $22.1963
MKR $2154.9330
APEX $2.3329
BTC $57054.0562
ETH $3243.0497
BNB $394.9600
SOL $108.4177
XRP $0.5865
stETH $3239.3493
ADA $0.6239
AVAX $39.2702
DOGE $0.0977
TRX $0.1428
wstETH $3750.7519
DOT $8.3691
LINK $19.0300
WETH $3348.6813
MATIC $1.0282
UNI $10.8579
WBTC $56903.9273
IMX $3.3452
ICP $13.0217
BCH $292.5040
LTC $74.0124
CAKE $3.1570
ETC $28.0992
LEO $4.3640
FIL $7.6578
KAS $0.1689
RNDR $7.2011
DAI $1.0000
ATOM $11.2097
HBAR $0.1082
INJ $40.1071
VET $0.0489
TON $2.1280
OKB $51.4855
FDUSD $0.9985
LDO $3.4670
STX $2.9465
XMR $135.8398
XLM $0.1230
ARB $1.8948
NEAR $3.9608
TIA $17.0031
WEMIX $2.3756
GRT $0.2795
ENS $22.1963
MKR $2154.9330
APEX $2.3329
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • The Gold Melody group sells initial access to cybercriminals of all stripes

     

    Every company that has been hacked will undoubtedly find a buyer.

    Recently, it was discovered that the financially driven Gold Melody group is an initial access broker (IAB) who sells third-party cybercriminals access to infected organizations so they can launch follow-on attacks.

    Researchers at Secureworks gave the group the moniker "Gold Melody," but CrowdStrike and Mandiant also refer to it as "Prophet Spider" and "UNC961."

    Secureworks claims that Gold Melody hackers have been active since 2017 and are experts at breaking into organizations using flaws in unpatched servers that are connected to the Internet.

    Instead of acting in the best interests of governmental organizations, this group's attacks are primarily driven by financial considerations and profit-making objectives.

    Attacks on JBoss Messaging, Citrix ADC, Oracle WebLogic, Apache Log4j, GitLab, and other systems have previously been connected to Gold Melody.

    In the middle of 2020, the group's operational area was expanded. Organizations in the retail, healthcare, energy, financial transactions, and high technology sectors were the targets of the attacks. Western Asia, North America, and Northern Europe were now part of the geography.

    Mandiant analysts point out that UNC961's actions frequently come before the release of ransomware like Maze and Egregor. Gold Melody uses a wide variety of tools, including its own Trojans and remote access programs like GOTROJ and BARNWORK.

    Secureworks connected Gold Melody to five distinct intrusions that took advantage of entirely different vulnerabilities between July 2020 and July 2022. Following successful system penetration, web shells are typically used to hold the line before directories are created on the compromised host to house the tools needed for subsequent attacks.

    The exploration stage lays the groundwork for data inference, lateral movement, and account mining. Once it has been put into place, the group can sell access to additional attackers who have their own ideas for the chosen company.

    Notably, Secureworks linked the group to five Gold Melody attacks from 2020 to 2022, all of which ultimately failed. Despite this, the researchers stress that Gold Melody's actions and practices serve as a reminder of the significance of maintaining the most recent versions of software in use in organizations.

    Most vulnerabilities that attackers exploit have patches available very quickly, but businesses themselves take their time installing those patches on their systems. And cunning hackers are powerless to stop themselves when they come across such tempting and exposed targets online.

    Author DeepWeb
    Savage Google Bard & ChatGPT Clones Now Available to Financial Cybercriminals on the Dark Web
    Google had to reveal all of its cards after its lies were exposed

    Comments 0

    Add comment