Several prominent cybercrime groups have been observed recruiting new members at an alarming rate, according to new reports.
Avast's recent Q2022 XNUMX Threat Report revealed that some threat actors started hiring because of success, others because they got caught by cybersecurity researchers.
The LockBit group, for example, known for its eponymous ransomware variant, has been "very active this quarter," the researchers said.
new projects
One of the ways that Avast saw the group recruit new members and affiliates was with a new bounty hunter program.
In late June 2022, LockBit released a new version of its encryptor, and to make sure it was airtight, offered $50 to anyone who found a vulnerability in encrypting large database files. Other bonuses were also offered. For example, anyone who discovers the name of the affiliate's boss receives a million dollars.
There are also high payouts for weaknesses found in the encryption process, a vulnerability in the LockBit website, or vulnerabilities in the TOX messenger or TOR network.
Additionally, he was offering €1,000 to anyone who got the LockBit logo tattooed on their body.
The NoName057(16) hacker group, which suffered a major blow after its main Bobik C2 server was disabled and its botnet shut down, began recruiting for a new project in mid-August this year, researchers discovered. researchers. Suspecting that they need fresh blood to continue active DDoS attacks, the researchers noted that the threat actor opened a new group dedicated to the DDDOSIA project. At the end of last month, the group had more than 700 members.
The project allows hackers to download an ID binary, allowing them to launch DDoS attacks in exchange for cryptocurrency.
In addition to LockBit and NoName057(16), Avast has identified nearly a dozen botnet operators who are currently actively seeking new members. These include the dreaded Emotet and Ursnif, but also Phorpiex, Tofsee, MyloBot, Nitol, Dorkbot, MyKings and Amadey.
- Check out our overview of the best firewalls (opens in a new tab) right now