Priya PatelTLDR:
- Security researchers have discovered close connections between the recently emerged 3AM ransomware operation and infamous cybercriminal groups Conti and Royal.
- 3AM has been using a new extortion tactic involving sharing news of a data leak on social media and engaging with high-ranking Twitter accounts.
- Researchers at Intrinsec found a significant overlap in communication channels, infrastructure, and tactics between 3AM and the Conti syndicate.
Security researchers at Intrinsec have linked the newly emerged 3AM ransomware operation to well-known cybercrime gangs Conti and Royal. Intrinsec discovered that 3AM has been using a new extortion technique, sharing news of a data leak with victims’ social media followers and replying to high-ranking Twitter accounts with messages that point to data leaks. Researchers uncovered a significant overlap in communication channels, infrastructure, and tactics between 3AM and the Conti syndicate. Intrinsec also noted that 3AM shared infrastructure with the ALPHV/BlackCat ransomware operation, which is associated with Conti and used the IcedID malware linked to Royal. Furthermore, 3AM used Twitter bots to spread news of its attacks, damaging the business reputation of its victims. While 3AM appears to be a less sophisticated subgroup of Royal, Intrinsec warns that it could still deploy a large number of attacks and should not be underestimated.
