A group of newbie threat actors from Iran has been carrying out attacks against companies in Asia and trying to encrypt their networks with a version of the Dharma ransomware.

Cyber-security company Group-IB, which identified the group, has said that the hackers have targeted companies located in Russia, Japan, China, and India.

The security firm called the group “newbie hackers” based on the low level of sophistication and the simple devices and tools used during attacks.

The report said that the group used only publicly available hacking tools, including Masscan, NLBrute, Advanced Port Scanner, Defender Control, and Your Uninstaller.

This goes to show that the group is not able to develop its own hacking tools, or it still does not have the financial resources to buy access to private and more innovative hacking utilities.

Even the use of the Dharma ransomware is thought to be a sign of a low-skilled attacker today, chiefly because the ransomware’s source code was put up for sale and then leaked online earlier this year, making it available to any newcomers at virtually no development cost.

The security firm says that despite attacking companies in the private sector, this specific Iranian hacking group has not demanded ransoms of hundreds of thousands or millions of US dollars.

The group has instead requested small ransom payments ranging from 1 to 5 bitcoin ($10k to $50k), while authorities focus on the bigger gangs ransoming companies for millions.

While in 2017-2018 a group needed skilled threat actors to carry out a ransomware attack, today even “newbie” groups like the ones in the Group-IB report can download hacking tools and follow tutorials shared on hacking forums to arrange their own interruption and ransom attacks in a few days.
