In 2021, Cobalt Mirage scanned ports 4443, 8443, and 10443 for devices vulnerable to Fortinet FortiOS vulnerabilities, the researchers said. The threat actors obtain initial access via scan-and-exploit activity. Cluster B focuses on targeted intrusions to gain access and collect intelligence, but some of the activity has experimented with ransomware,” they said in a blog post.Ĭobalt Mirage has demonstrated a preference for attacking organizations in Israel, the U.S., Europe, and Australia, according to Secureworks researchers. “In Cluster A, the threat actors use BitLocker and DiskCryptor to conduct opportunistic ransomware attacks for financial gain. Elements of Cobalt Mirage activity have been reported as PHOSPHOROUS and TunnelVision.īased on intelligence gained from Secureworks incident response engagements and public reporting, Secureworks researchers identified two distinct clusters of Cobalt Mirage intrusions labeled Cluster A and Cluster B. It is possible that the two groups share tradecraft and access.
The hacker group has been linked to the Iranian COBALT ILLUSION threat group, predominantly using persistent phishing campaigns to obtain initial access. Secureworks researchers are investigating attacks by the Iranian threat group, Cobalt Mirage, which has been conducting ransomware operations in the U.S.
0 kommentar(er)
