Written by AJ Vicens
Mar 17, 2022 | CYBERSCOOP
In early September, researchers with Google’s Threat Analysis Group started tracking a financially motivated hacking group exploiting a since-patched Microsoft vulnerability to gain access to targeted computers.
Later it became clear that the group is what’s known as an initial access broker — a crew specializing in gaining entry to high-value networks and selling that access to other cybercriminals — and that it is closely affiliated with the notorious Conti ransomware organization.
In findings published Thursday, the Google researchers detail how the group they’re calling “Exotic Lily” employed relatively novel tactics to gain access to targets, and how, at its peak, the hackers sent an estimated 5,000 emails per day to as many as 650 targeted organizations globally.
Up through November 2021 the group seemed focused on IT, cybersecurity and health care organizations, but more recently Exotic Lily has been targeting a wide variety of industries, the researchers wrote.
“This level of human-interaction is rather unusual for cyber crime groups focused on mass scale operations.”
— Google’s Threat Analysis Group
The group displayed a couple of unique approaches, the researchers said: The hackers spoofed companies and employees to gain