ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > NB65

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: NB65

NamesNB65 (self given)
Country[Unknown]
MotivationFinancial gain
First seen2022
Description(BleepingComputer) A hacking group used the Conti's (Wizard Spider, Gold Blackburn) leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations.

While it is common to hear of ransomware attacks targeting companies and encrypting data, we rarely hear about Russian organizations getting attacked similarly.

This lack of attacks is due to the general belief by Russian hackers that if they do not attack Russian interests, then the country's law enforcement would turn a blind eye toward attacks on other countries.

However, the tables have now turned, with a hacking group known as NB65 now targeting Russian organizations with ransomware attacks.
ObservedCountries: Russia.
Tools usedNB65.
Operations performedApr 2022The Russian entities claimed to have been attacked by the hacking group include document management operator Tensor, Russian space agency Roscosmos, and VGTRK, the state-owned Russian Television and Radio broadcaster
<https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/>
Information<https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/>

Last change to this card: 04 May 2022

Download this actor card in PDF or JSON format

Previous: Nazar
Next: Neodymium

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]