Gold Melody cybercrime group identified as IAB
The Gold Melody cybercrime operation, also known as UNC961 and Prophet Spider, has been identified by SecureWorks Counter Threat Unit researchers as an initial access broker that sells compromised network access for follow-on attacks, The Hacker News reports. According to a report by SecureWorks, five intrusions carried out by Gold Melody between July 2020 and July 2022 involved exploiting vulnerabilities dating back to 2016 to gain initial access, followed by web shell deployment and directory creation within the compromised host. Gold Melody then conducts extensive scanning of the environment before moving on to credential harvesting, lateral movement, and data theft, although all of the reported attacks were unsuccessful. “Gold Melody acts as a financially motivated IAB, selling access to other threat actors, who then monetize the access through extortion, likely through ransomware deployment,” the researchers said, adding that the operation's focus on flaws affecting servers exposed to the Internet underscores the importance of robust patching practices.