Several Australian financial organizations, including banks, have been the targets of an extensive extortion campaign over the past week.
A threat group has been emailing targets with threats to carry out distributed denial of service (DDoS) attacks unless the organizations pay huge ransom fees in the Monero (XMR) cryptocurrency.
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has sent out a security threat advisory about the ongoing campaign.
The ACSC stated that, according to the current evidence, the attackers have not followed through on any of their threats, and DDoS attacks have not been carried out.
The threats received by these Australian organizations over the past week are believed to be part of a global ransom denial of service (RDoS) campaign which started in October last year.
The initial extortion attempts targeted banks and other companies in the financial sector. These threats later expanded, and the hackers targeted other industries as well.
For example, there were ransom demands made against banks in Singapore and South Africa, and threats made against telecom companies in Turkey, internet service providers in South Africa, and online betting and online gambling portals across Southeast Asia.
The extortion demands continued through the following months, and the hackers expanded their operations to target tens of countries on all continents.
In certain cases, the hackers followed through on their threats, but not against all victims, as it would be impossible to raise the DDoS resources to attack all threatened parties. It is confirmed, however, that several attacks have taken place against companies targeted as part of this ransom campaign.
The group behind this campaign regularly changed the name under which they signed extortion emails. In the beginning they used the name Fancy Bear, which is the name of the infamous hacking group associated with the Russian government, known for hacking the White House in 2014 and the DNC in 2016.
Later they changed it to Cozy Bear, which is the name of another well-known Russian government hacking squad, famous for its involvement in the 2016 DNC hack.
They also used several other names, including Anonymous, Carbanak, and Emotet, which are all names of known hacking and cyber-crime operations.
Now they are using the name Silence, the name of a famous hacking group known for stealing millions of US dollars from banks across Eastern Europe, South and Central Asia, and Sub-Saharan Africa.
The DDoS mitigation service Radware advised victims who received these types of DDoS extortion emails not to pay, and to contact a cyber-security firm instead.