
Several notorious gangs behind cyberattacks

Experts say the attack on Bermuda is likely to involve ransomware (File photograph)

The Government has yet to confirm if last week’s cyberattack on its IT systems involved ransomware, though experts have said it is the most likely scenario.

Such attacks are carried out by criminal hackers and there are several notorious gangs which regularly claim responsibility.

David Burt said the initial indication was the “sophisticated and deliberate” September 20 attack came from “an external source, most likely from Russia”.

The Premier has not commented further on who may have carried it out, citing an ongoing investigation.

Russian hacking group ALPHV/BlackCat was responsible for a cyberattack on MGM Resorts International ten days before the breach of Bermuda’s systems.

It was reported that a range of services remained offline for days, with the breach affecting websites, online reservations, ATMs, credit card machines, slot machines and room keys at MGM Resort locations across the US.

A malware research group called VX-Underground claimed on X, formerly known as Twitter, that ALPHV compromised the multibillion-dollar casino company by calling an MGM Resorts employee and having a ten-minute conversation.

The group claimed responsibility, five days after the attack, on its dark web victim blog.

In July, the same group claimed to have stolen over seven terabytes of confidential data from an NHS trust in East London.

It was reported last year that ALPHV leaked an unspecified amount of compromised data related to the Municipality of Quito in Ecuador.

Forbes described ALPHV earlier this month as “an extremely well-known black-hat actor in the cybersecurity industry”, noting that CISA, America’s cyber defence agency, issued an alert based on an FBI flash report which said it had “compromised at least 60 entities worldwide”.

Conti, another notorious Russia-linked gang, claimed responsibility for a ransomware attack on the Government of Costa Rica last year.

It was reported that 27 government bodies were initially targeted, while a second attack carried out by the HIVE hacking group caused chaos within the Central American country’s healthcare system.

A June 2022 article in Wired quoted threat analyst Brett Callow as saying of the Costa Rica attack: “This is possibly the most significant ransomware incident to date.

“I can’t recall another occasion when an entire federal government has been held to ransom like this — it’s a first; it’s quite unprecedented.”

The article reported that Conti demanded $10 million as a ransom payment, later upping the figure to $20 million. When no payment was made, they began uploading files stolen during the breach to Conti’s website.

The attack on Costa Rica was followed by one on Peru, affecting its finance ministry and an intelligence agency.

According to threat intelligence company Recorded Future, the Costa Rica attack “marked the first time that ALPHV targeted a government entity located in Latin America”.

A November 2022 report from the Security Intelligence blog, which provides analysis from cybersecurity industry professionals, suggested that threat actors — those who intentionally cause harm to IT systems — may begin to target smaller countries because they would not have the resources to thwart an attack and their capacity to retaliate would be far less than larger nations.


Published September 29, 2023 at 9:50 am (Updated September 29, 2023 at 9:50 am)
