Kaspersky Laboratory has identified a new version of malicious software called Lockbit Green. The malware uses code from the now-defunct Conti group, and phishing campaigns targeted towards business users have also been identified.
Originally recorded in February 2023, Lockbit Green is a modified version of malicious software that borrows 25% of its code from Conti. Threat Attribution Engine (KTAE) from Kaspersky Lab discovered that the transferred elements ranged from ransom notifications to command parameters, as well as encryption schemes.
Officials have described Lockbit as one of the most prolific hacking groups focused on spreading malware. Known for attacking organizations globally and using codes from other cyber attacker groups, such as BlackMatter and Darkside, Lockbit simplifies the attack process.
According to the report, phishing campaigns by organizations that imitate attacked sites are one of the ways that these attackers obtain access to participants’ email addresses. In January 2023, one such campaign utilized SwitchSymb tools, which can produce phishing pages aimed at a variety of targets.
Given the severity of the situation, Kaspersky Lab recommends that firms use dependable antivirus software, keep their software up to date, conduct regular data backups, and provide security training to employees.