Tuesday, April 11, 2023

4 Hacking Groups Causing Headaches in the InfoSec Community

Internet safety is important, especially when you are working online or have online banking or any other important information on the web. Since my son is learning all about cyber security in his advanced level cyber course for high schoolers, I'm learning just how unsafe all our information is. For example, he already has shown me how insecure many different important websites and services are. There have also been terror attacks that have involved hacking. I try to keep up to date on different security issues now that I've been made aware just how widespread hacking is, to remind myself that I need to keep my work-related things secure. Read on to learn about some of the big problematic cyber attacks out there.


In recent years, there have been several high-profile cyberattacks that caused severe headaches for companies around the world. 

From ransomware attacks to data breaches, these malicious groups may be on the lookout for opportunities to exploit weaknesses in your security systems. Consider adding malware protection to your practices so you might catch suspicious activity before it becomes a larger issue. 

To help you stay informed and protect yourself and your business from potential threats, here are four of the most notorious hacking groups today:

1) Conti 

Conti is believed to be a Russian-based cybercrime organization that specializes in ransomware attacks. 

The group has been active since 2020 and is responsible for some of the largest data breaches in history, including the attacks on Ireland’s Health Service and the government of Costa Rica. 

During the attack on Ireland’s Health Service—the nation’s public healthcare system—in 2021, the service had to shut down IT operations, which wreaked havoc on the entire healthcare infrastructure, limiting access to medical and diagnostic records and slowing response times. The group asked for a ransom of just under $20 to decrypt and delete the stolen data.

The collective is said to have ceased operations after the Russia-Ukraine war. 

2) LockBit 

LockBit has been active since 2019 and is thought to have ties to Russia. 

The group targets large enterprises with sophisticated malware variants which allow them to encrypt sensitive data before demanding a hefty ransom payment from their victims.

In early 2023, LockBit launched a ransomware attack on Royal Mail—a British postal service—that caused significant operational disruption. The service provider even told consumers to stop sending overseas letters and packages after the attack. 

The group initially demanded an $80 million ransom to decrypt the files and halt data publication. LockBit later lowered its demand to $40 million.

3) Lazarus Group 

The Lazarus group is a North Korean hacking collective first discovered in 2009. It remains one of the most active state-sponsored threats, primarily because the operation is well-resourced and constantly developing new techniques and tools. 

The group is believed to be behind several high-profile incidents, including the infamous 2017 WannaCry attack, which crippled hundreds of thousands of computers worldwide. 

During the Covid-19 pandemic, the Lazarus group targeted multiple major pharmaceutical organizations, but the only confirmed victim was AstraZeneca. It’s thought that the goal was to steal information since there was no monetary ransom. 

In April 2022, the U.S. Treasury’s Office of Foreign Assets Control placed Lazarus on the Specially Designated Nationals and Blocked Persons List (SDN) under North Korea Sanctions. 

4) Lapsus$ 

Lapsus$, a Russian hacking group, gained prominence in 2022 for attacks against corporate networks globally. 

However, the cybercrime collective first made headlines when it deployed a ransomware attack against the Brazilian ministry of health in 2021. 

The group’s tactics involve flooding target networks with massive amounts of traffic until they collapse under the strain or shut down entirely due to lack of resources—an approach that has proven effective at disrupting business operations. 

Notable Lapsus$ victims include Samsung, Microsoft, and Uber, among others.  

The Federal Bureau of Investigation (FBI) asked the public for assistance in the investigation involving the compromise of computer networks belonging to U.S.-based technology companies in March 2022.

Bottom Line

The InfoSec community faces constant threats from increasingly sophisticated hacking groups like Conti, LockBit, Lazarus Group, Lapsus$, and others. 

While these organizations may have different agendas, they can all cause severe damage through malicious cyberattacks.

To stay safe against cyber intrusions, it’s of the utmost importance for organizations to prioritize cybersecurity efforts and remain vigilant online. 

With continuous monitoring and attentive awareness of current threats, you can ensure your network remains secure.