A new ransomware operation tracked as Muliaka has been attacking businesses across Russia since at least December using an encryptor built on Conti ransomware code, according to The Record, the news outlet of cybersecurity firm Recorded Future.
In one intrusion documented by F.A.C.C.T., a spinoff of Russian security firm Group-IB, Muliaka gained access to a Russian company's network through its VPN after phishing emails delivered a fake version of the company's own antivirus software; the attackers then compromised both the company's Windows systems and its VMware ESXi infrastructure.
Analysis of the new malware also showed that, unlike its Conti predecessor, it terminates processes and system services before encrypting files, a common ransomware step that releases file locks held by databases, mail and backup software so that encryption of those files succeeds.
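Because the pre-encryption service-termination described above shows up in host telemetry before files are touched, it is a useful detection point. The following is an added example, not code from the article or from F.A.C.C.T.'s report: it parses Windows System log lines of event ID 7036 ("The <name> service entered the stopped state"), clusters stop events that occur close together, and raises an alert when many distinct services stop within a short span. The log lines are constructed for this example, and the gap and count thresholds are assumed defaults to be tuned per environment, not values from any published rule.

```python
"""
Added example (not from the original article or from F.A.C.C.T.'s report):
a burst detector for Windows service-stop events, the kind of pre-encryption
activity the article attributes to Muliaka. Windows logs each service stop as
System event ID 7036. The log lines below are constructed, and the thresholds
are assumptions to tune per environment.
"""
import re
from datetime import datetime

# Constructed sample log (timestamp, event ID, message). Not real telemetry.
SAMPLE_LOG = """\
2024-01-10T02:14:03 7036 The Windows Update service entered the running state.
2024-01-10T02:31:10 7036 The Print Spooler service entered the stopped state.
2024-01-10T03:02:41 7036 The SQL Server (MSSQLSERVER) service entered the stopped state.
2024-01-10T03:02:42 7036 The SQL Server Agent (MSSQLSERVER) service entered the stopped state.
2024-01-10T03:02:42 7036 The Veeam Backup Service service entered the stopped state.
2024-01-10T03:02:43 7036 The Volume Shadow Copy service entered the stopped state.
2024-01-10T03:02:44 7036 The Microsoft Exchange Information Store service entered the stopped state.
2024-01-10T03:02:44 7036 The Windows Defender Antivirus Service service entered the stopped state.
2024-01-10T03:05:00 7036 The Print Spooler service entered the running state.
"""

# Matches the 7036 message format; the service name is captured lazily so
# names that themselves contain the word "Service" still parse correctly.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<eid>\d+) The (?P<svc>.+?) service entered the (?P<state>\w+) state\.$"
)


def parse_service_stops(log_text):
    """Return a list of (timestamp, service_name) for each 7036 'stopped' event."""
    stops = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["eid"] != "7036" or m["state"] != "stopped":
            continue
        stops.append((datetime.fromisoformat(m["ts"]), m["svc"]))
    return stops


def find_stop_bursts(stops, max_gap_seconds=60, min_services=5):
    """Group stop events into clusters where consecutive events are no more than
    max_gap_seconds apart, and alert on any cluster that stops at least
    min_services distinct services. Both thresholds are assumed defaults."""
    stops = sorted(stops)
    clusters, current = [], []
    for ts, svc in stops:
        if current and (ts - current[-1][0]).total_seconds() > max_gap_seconds:
            clusters.append(current)
            current = []
        current.append((ts, svc))
    if current:
        clusters.append(current)

    alerts = []
    for cluster in clusters:
        services = sorted({svc for _, svc in cluster})
        if len(services) >= min_services:
            alerts.append({
                "start": cluster[0][0],
                "end": cluster[-1][0],
                "services": services,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_stop_bursts(parse_service_stops(SAMPLE_LOG)):
        print(f"{alert['start']} - {alert['end']}: "
              f"{len(alert['services'])} services stopped: {', '.join(alert['services'])}")
```

On the constructed log, the lone Print Spooler stop at 02:31 is ignored while the six stops between 03:02:41 and 03:02:44 produce a single alert. In practice the same logic can be fed from Sysmon or EDR process-termination events as well, and the service list itself (database, mail, backup and shadow-copy services) is a stronger signal than the raw count.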
Details about Muliaka's origins and about the outcome of the attack on the Russian company remain limited, but researchers noted that such intrusions fit a broader trend of financially motivated threat actors seeking to exploit the current geopolitical tensions involving Russia.