History
2022: Attacks on 30 IT companies from Russia and Belarus for ransom
Over the course of a year, the hacker group Sneaking Leprechaun attacked about 30 IT companies from Russia and Belarus in order to obtain a ransom. The digital risk management company Bi.Zone told RIA Novosti about this in May 2023.
According to experts, most of the victims develop and integrate software. The victims also included firms in finance, logistics and medical services, as well as government agencies. The hackers broke into servers and gained access to the organizations' data.
According to experts, the hackers broke into servers through outdated versions of Confluence, Bitrix and Webmin running on Linux, and so gained access to the organizations' infrastructure. The criminals then used malware to establish persistence on the system.
While remaining unnoticed, the hackers manually analyzed the data and copied what they considered valuable. The attackers then contacted the company and provided evidence that they held its information. After that, the hackers demanded a ransom, threatening to publish the stolen data. Bi.Zone Strategy Director Yevgeny Voloshin also noted that the victims of Sneaking Leprechaun include companies from industry, finance, logistics and medicine, as well as government agencies.
Sergei Polunin, head of the infrastructure IT protection group at Gazinformservice, spoke about the reasons for such attacks:
In this case, hackers attacked through outdated versions of the software. This is a fairly common story, and most likely over time it will become more and more widespread. There are two main reasons. First, the departure of Western vendors and the loss of the ability to receive security updates for their products. Second, savings. Many companies have begun to save on specialists and processes, and the vulnerability management process is key.[1]