New Threat Group Atom Silo Launches Sophisticated 2-Day Cyber Attack
Sophos has discovered a sophisticated cyber attack by Atom Silo, a new, highly advanced threat group. The incident, lasting two days, involved ransomware and data theft, exploiting an unpatched Confluence vulnerability.
Attackers initially breached the system through a backdoor on the Confluence server, then installed a second, stealthier backdoor. They moved laterally through the network, compromising further servers and installing backdoors through the Windows Management Instrumentation (WMI) interface. The backdoor connected to a remote command-and-control server over TCP port 80 for remote command execution.
The ransomware payload included a malicious kernel driver intended to disrupt endpoint protection software. The attackers used Remote Desktop Protocol (RDP) to find, copy, and exfiltrate data to Dropbox before releasing the ransomware executable. The incident highlights the danger of unpatched vulnerabilities in internet-facing software. The ransomware used is virtually identical to LockFile but was delivered with novel intrusion techniques. Sophos research indicates that the actor behind the attack operates similarly to the LockFile ransomware group, but with more complex maneuvers and techniques.
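As an added illustration of how a defender might look for the chain described above (WMI-spawned processes, a non-browser process beaconing over port 80 to a raw IP, and Dropbox traffic from a host with an active RDP session), here is a small correlation script. It is example code written for this summary, not from Sophos or the report; the event records, field names, host names and addresses are constructed Sysmon-style samples, not real telemetry.

```python
# Added example: correlate constructed endpoint events for the TTPs described in
# the article. Field names mimic Sysmon (process create / network connect / logon)
# but are an assumed schema, not a real log format.
from collections import defaultdict

# Constructed sample events; hosts, paths and IPs are placeholders.
EVENTS = [
    {"type": "process", "host": "srv01", "image": "C:\\Windows\\Temp\\svc.exe",
     "parent": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe"},
    {"type": "network", "host": "srv01", "image": "C:\\Windows\\Temp\\svc.exe",
     "dst": "203.0.113.10", "port": 80},
    {"type": "logon", "host": "srv02", "logon_type": 10},  # type 10 = RDP logon
    {"type": "network", "host": "srv02", "image": "C:\\Windows\\explorer.exe",
     "dst": "dl-web.dropbox.com", "port": 443},
    {"type": "process", "host": "ws07", "image": "C:\\Program Files\\Browser\\browser.exe",
     "parent": "C:\\Windows\\explorer.exe"},
    {"type": "network", "host": "ws07", "image": "C:\\Program Files\\Browser\\browser.exe",
     "dst": "93.184.216.34", "port": 80},
]

# Processes for which plain HTTP to a raw IP is considered normal (placeholder list).
BROWSERS = {"browser.exe", "msedge.exe", "chrome.exe", "firefox.exe"}

def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def _is_raw_ip(dst):
    parts = dst.split(".")
    return len(parts) == 4 and all(p.isdigit() for p in parts)

def correlate(events):
    """Return {host: set(indicator)} for hosts showing any of the three behaviours."""
    findings = defaultdict(set)
    rdp_hosts = {e["host"] for e in events
                 if e["type"] == "logon" and e.get("logon_type") == 10}
    for e in events:
        if e["type"] == "process" and _basename(e["parent"]) == "wmiprvse.exe":
            findings[e["host"]].add("wmi_spawned_process")  # WMI lateral movement
        elif e["type"] == "network":
            img = _basename(e["image"])
            if e["port"] == 80 and _is_raw_ip(e["dst"]) and img not in BROWSERS:
                findings[e["host"]].add("non_browser_http_to_raw_ip")  # port-80 C2
            if e["dst"].endswith("dropbox.com") and e["host"] in rdp_hosts:
                findings[e["host"]].add("dropbox_during_rdp")  # staging/exfil
    return dict(findings)

if __name__ == "__main__":
    for host, indicators in correlate(EVENTS).items():
        print(host, sorted(indicators))
```

Each indicator alone is weak; the value is in seeing more than one on the same host within a short window, which is where a real deployment would add time bounds.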
The Atom Silo attack demonstrates the evolving threat landscape, with new groups employing sophisticated tactics. The incident underscores the importance of timely software patching and robust network security measures to mitigate such threats.