I ran across an interesting LinkedIn post recently, “interesting” in the sense that it addressed something I hadn’t seen a great deal of reporting on; that is, ransomware threat actors dropping multiple RaaS variants within a single compromised organization.
Here’s the original post from Anastasia that caught my attention. Anastasia’s post shares some speculation as to motivations for this approach, which kind of illustrates how this particular topic (motivations) is poorly understood. In item #1 on her list, I think what I’d be most interested in starting with is a better understanding as to how the findings were arrived at; that is, what were the data points that led to finding that a single affiliate was working with two different RaaS providers simultaneously. As someone who is very interested in the specifics of how threat actors go about their activities (the specifics as to how, not just the what), I have seen systems that were apparently compromised by two different threat actors simultaneously. I’ve also been involved in providing analysis for incidents where we were able to identify members of a threat group changing shifts, kind of like Fred Flintstone sliding down the back of a brontosaurus.
[…]