"Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers"

A financially motivated threat actor has been identified as an Initial Access Broker (IAB) that sells access to compromised organizations to other adversaries, who then carry out follow-on attacks. The SecureWorks Counter Threat Unit (CTU) has named the group Gold Melody, which also goes by the names Prophet Spider and UNC961. According to the cybersecurity company, the group has been active since at least 2017, exploiting vulnerabilities in unpatched Internet-facing servers to compromise organizations. The group's victimology indicates opportunistic attacks for financial gain rather than a targeted campaign executed by a state-sponsored threat group for espionage, destruction, or disruption. Gold Melody has previously been associated with attacks involving the exploitation of security vulnerabilities in JBoss Messaging, Citrix ADC, Oracle WebLogic, GitLab, Citrix ShareFile Storage Zones Controller, Atlassian Confluence, ForgeRock AM, and Apache Log4j servers. This article continues to discuss findings regarding the cyber group Gold Melody.

THN reports "Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers"

Submitted by grigby1 CPVI on