
Threats from Exotic Lily on New Emails

Pakyong, 13 March: Exotic Lily, also tracked as PROJECTOR LIBRA and TA580, is an Initial Access Broker (IAB). Since it first appeared, the threat actor has been well known on the dark web for its associations with ransomware operations such as Diavol and Conti. ReliaQuest researchers recently discovered and investigated phishing campaigns run by the group.

What is happening?
The attack begins with an email to the target that purports to be a business opportunity.
Exotic Lily registered a fake domain to give the impression that the email came from a genuine company. The only difference between the fake domain and the real one was the top-level domain.

Once a conversation was established, the group shared a malicious zip file hosted on well-known file-sharing services such as WeTransfer, OneDrive, TransferNow, and TransferXL. Exotic Lily uses Windows shortcut files inside the archive to deliver the BumbleBee loader, which installs further malware on the victim’s systems.
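The two indicators described above, a sender domain that matches a trusted partner except for its top-level domain and a link to one of the named file-sharing services, can be checked automatically at the mail gateway. The following is an added example, not ReliaQuest's or the article's own code; the trusted-domain allowlist, the file-sharing hostnames and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allowlist of partner domains the organisation expects mail from (assumption).
TRUSTED_DOMAINS = {"acme-widgets.com"}
# Hosts of the file-sharing services named above; the hostnames are an assumption
# and a real deployment would keep a fuller, maintained list.
FILE_SHARING_HOSTS = {"wetransfer.com", "onedrive.live.com", "transfernow.net", "transferxl.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def tld_lookalike_of(sender_domain, trusted=TRUSTED_DOMAINS):
    # Split on the last dot only; multi-label suffixes such as co.uk are out of scope here.
    label = sender_domain.lower().rpartition(".")[0]
    if sender_domain.lower() in trusted:
        return None  # genuine partner domain
    for t in trusted:
        if t.rpartition(".")[0] == label:
            return t  # same name, different TLD: the lookalike pattern described above
    return None

def file_sharing_links(body):
    hits = []
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host in FILE_SHARING_HOSTS or any(host.endswith("." + h) for h in FILE_SHARING_HOSTS):
            hits.append(url)
    return hits

def analyze(raw_message):
    # Triage one raw RFC 822 message; flag a TLD lookalike sender combined with a file-sharing link.
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    body = "" if msg.is_multipart() else msg.get_payload()
    lookalike = tld_lookalike_of(sender_domain)
    links = file_sharing_links(body)
    return {"sender_domain": sender_domain, "lookalike_of": lookalike,
            "file_sharing_links": links, "suspicious": lookalike is not None and bool(links)}

# Constructed sample message following the pattern the article describes.
SAMPLE_EMAIL = """\
From: Jane Doe <jane.doe@acme-widgets.net>
To: procurement@example.org
Subject: Partnership proposal - updated documents

Hi, as discussed, the proposal pack is here:
https://wetransfer.com/downloads/abc123
Thanks, Jane
"""
```

Running `analyze(SAMPLE_EMAIL)` flags the message because the sender's domain differs from the trusted partner only in its TLD and the body links to a file-sharing host.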

Why it’s important?
Exotic Lily is known for its skill at obtaining login credentials from high-value targets using tactics such as posing as an employee, OSINT research, and producing convincing fake documents.
Exotic Lily’s phishing operations have become widespread and successful because the group pays close attention to small details.

The attackers follow a tried-and-tested process that usually starts with striking up a friendly conversation with the victim.
These personas exploit the victim’s implicit trust to lure them into visiting sites that appear harmless but actually deliver malicious payloads.

IAB statistics:
According to research published in January, IABs sold corporate access on the dark web in 2,348 incidents between H2 2021 and H1 2022, a twofold increase.

IABs mostly targeted businesses in the U.S. in financial services (5.1%), manufacturing (5.8%), real estate (4.6%), and education (4.2%). Compromised VPN access (37%) and RDP access (36%) were the most frequently offered access methods.

The conclusion:
Organizations should verify that their current security posture is strong enough to withstand a threat group like Exotic Lily. ReliaQuest recommends blocking unauthorized peer-to-peer, torrent, and file-sharing websites. It also advises establishing strict policies and user access controls governing which executables are permitted to run on the corporate network.
