Play Ransomware Engagement
Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group, as a key player in a recent ransomware incident. The group appears to be collaborating with the Play ransomware group, marking a shift in their tactics. This is the first observed instance of Jumpy Pisces using existing ransomware infrastructure, potentially acting as an initial access broker or an affiliate. The attack timeline spans from May to September 2024, involving initial access through a compromised user account as well as lateral movement and persistence using tools like Sliver and DTrack. The incident culminated in the deployment of Play ransomware in early September. This collaboration signals deeper involvement of North Korean threat actors in the broader ransomware landscape, potentially leading to more widespread and damaging attacks globally.