According to research published by Secureworks, an Iranian hacking group tracked as "Cobalt Mirage" has been observed deploying ransomware. The advanced persistent threat (APT) group, which Secureworks links to another Tehran-based group it calls Cobalt Illusion (more widely known as APT35), is distributing file-encrypting malware that, per the report's findings, leaves the victim's files wiped out and unrecoverable if the ransom is not paid on time.
Notably, the group also exfiltrates data from its victims, mainly government organizations and financial institutions, and then reviews it for anything of intelligence value to the Iranian government. In other words, the ransomware activity sits alongside, rather than in place of, a conventional espionage motive.
So far, Cobalt Mirage has targeted organizations in Israel, the US and Europe, as well as countries whose governments are at odds with Tehran.
In most of the intrusions observed, the operators gained initial access by exploiting known, already-patched vulnerabilities in internet-facing systems: the Log4j (Log4Shell) flaw, the ProxyShell chain in Microsoft Exchange, and a set of Fortinet FortiOS vulnerabilities disclosed in 2019 and 2020. None of these were zero-days at the time of the attacks, so organizations that keep edge appliances, Exchange servers and Java applications patched remove the group's primary entry points.
To date, the common pattern among ransomware groups has been to steal data and then encrypt the victim's files, holding both the decryption key and the stolen data until a ransom is paid. Cobalt Mirage stands out because, according to the report, victims who do not pay are left with their data wiped out rather than merely encrypted.
Note: Ransomware is malware that encrypts a victim's files and demands payment for the decryption key. Over time, ransomware operators have moved to "double extortion": they first steal data, then encrypt the systems, and pressure the victim to pay by threatening to leak or sell the stolen data on the dark web if they do not. With Cobalt Mirage, the outcome for a non-paying victim is reportedly destruction of the data outright, so the usual second chance to recover after the attack does not exist. In practice, this makes offline, tested backups the only reliable recovery path against this kind of actor.