Banks and other organizations from the Australian financial sector have been the targets of an extensive extortion campaign over the past week.
A threat group has been emailing victims with threats to carry out distributed denial of service (DDoS) attacks unless the organizations pay hefty ransom fees in the Monero (XMR) cryptocurrency.
The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) has sent out a security threat advice today about this ongoing campaign.
The ACSC said that based on current evidence, the attackers have not followed through on any of their threats, and no DDoS attacks have been observed.
Global DDoS extortion campaign that started last year
The threats received by Australian organizations over the past week are part of a global ransom denial of service (RDoS) campaign that began in October 2019.
As ZDNet reported at the time, initial extortion attempts targeted banks and other companies in the financial sector. However, following our initial article, these threats diversified and hackers also targeted other industry verticals.
The extortion demands continued through subsequent months, and hackers methodically expanded operations to target tens of countries from all continents across the globe.
In some cases, attackers followed through on their threats, but not against all targets, as it would have been impossible to muster the DDoS resources to attack all threatened parties. However, ZDNet can confirm that several attacks have taken place against companies targeted part of this ransom campaign.
Now posing as the Silence group
Furthermore, the group behind this campaign also regularly changed the name under which they signed extortion emails.
They initially used the name Fancy Bear, the name of the infamous hacking group associated with the Russian government, known for hacking the White House in 2014 and the DNC in 2016.
They later shifted to using Cozy Bear, the name of another well-known Russian government hacking squad, also known for its involvement in the 2016 DNC hack.
Other names they used include Anonymous, Carbanak, and Emotet. All are the names of known hacking and cyber-crime operations.
The extortionists behind this campaign are hoping that victims search these names online after they receive their emailed threats. Google returns thousands of search results for these terms, and the hackers are hoping that this would help give credence to their threat and convince victims to pay the extortion demand.