November 23, 2022 By Pierluigi Paganini
The gang behind Quantum Locker used a particular modus operandi to target large enterprises relying on cloud services in the NACE region.
Executive Summary
- The Quantum Locker gang demonstrated the ability to carry out ransomware extortion even in cloud environments such as Microsoft Azure.
- Criminal operators of the Quantum gang demonstrated the ability to hunt and delete secondary backup copies stored in cloud buckets and blobs.
- The Quantum Locker gang targets IT administration staff to gather sensitive network information and gain credential access.
- During their intrusions, Quantum operators steal access to enterprise cloud file storage services such as Dropbox to gather sensitive credentials.
- Cloud root account takeovers were observed in Q4 2022 during Quantum gang intrusions in North Europe.