Iron Cybercrime Group uses HackingTeam tools to spread ransomware
Intezer, an Israeli cybersecurity company, published a blog post on May 29, 2018, stating that it had discovered a previously unknown backdoor while monitoring public data streams in April 2018. The backdoor was developed by the cybercrime group behind Iron Ransomware. Intezer calls the organization the “Iron Cybercrime Group” and suspects that it originated in China.
The Iron Cybercrime Group is believed to have been active for the past 18 months. In this backdoor, the group used the leaked RCS source code of the Italian spyware vendor HackingTeam.
Intezer noted that:
“the Iron group has developed multiple types of malware (backdoors, crypto-miners, and ransomware) for Windows, Linux and Android platforms. They have used their malware to successfully infect, at least, a few thousand victims.”
Ari Eitan, head of research with Intezer, said: “This is likely an advanced Chinese criminal group. It’s rare to see people using the old HT [HackingTeam] code, today, because with stuff like this it’s not as simple as a copy and paste. Lots of other source code is effective and easier to adopt. … What we see is a big operation with recently written tools.”
Source: cyberscoop