Exotic Lily is a business-like access broker for ransomware gangs

A group with links to high-profile ransomware crews Conti and Diavol is working as an internet access broker (IAB) for a Russia-linked cybercriminal gang, according to Google's Threat Analysis Group (TAG). Exotic Lily gains access to vulnerable corporate networks then sells that access to the highest bidder among threat groups …

  1. Anonymous Coward
    Pirate

    Sounds like

    A Russian-run office with salaried employees who turn over especially valuable hits to the Russian intelligence agency while selling others to Russian malware gangs. It's not a product of the Ukraine invasion, it's just SOP for Russia.

    1. amanfromMars 1 Silver badge
      Mushroom

      Re: Sounds like

      Therefore, HildyJ, whenever as everyone knows, nothing is ever as it seems and sounds like, it may very well not be a Russian run office with salaried employees who turn over especially valuable hits to the Russian intelligence agency while selling others to Russian malware gangs. It's a product of the Ukraine invasion, it's not just SOP for Russia.

      It's therefore quite possibly one of those strange quantum communication/qubit things ...... where/when a this is a that and something else altogether quite different too and fully dependent upon your access viewpoint ..... and thus more than just likely disinformation or misinformation and propaganda akin to Big Brother Newspeak from/for A.N.Others*

      * ..... Newspeak is a fictional language used in Nineteen Eighty-Four by Big Brother and the Party. It is an altered English with restricted vocabulary used as a tool to limit freedom and thought. Newspeak often contradicts itself, some words have two mutually contradicting meanings, so the meaning depends on context. ..... https://eyelearn.org/ma-stu-gallery/typeProj-2017/natalia/newspeak-dictionary.html

  2. MiguelC Silver badge

    I really can't understand what some people consider trustworthy...

    "Attackers would sometimes engage in further communication with the target by attempting to schedule a meeting to discuss the project's design or requirements. The Exotic Lily attackers would then upload the malicious payload to one of the public file-sharing services and use a built-in email notification feature to share the file with the potential victim. By doing this, the final email would originate from the email address of a legitimate file-sharing service and not the attacker's email, making it look more legitimate and easier to evade detection."

    How would that seem more legitimate? What kind of organization would really use file-sharing services to keep their internal business documents?

    1. GroovyLama

      Re: I really can't understand what some people consider trustworthy...

      It's quite common that corporate mail servers will block encrypted/password-protected zips as attachments, as they can't be virus scanned. This can lead to people sharing files via OneDrive links. The article mentioned OneDrive as one of the services used.

      So I can see how it would be plausible, based on how we are restricted to sharing files with some clients.

      I also had a manager who used to use Dropbox to share training videos. This was before the age of Teams and OneDrive became prevalent, and a much better method to use.
