Unmasking Cybercrime’s Gold Melody: Rise and Tactics of an Initial Access Broker

Dubbing the E-Crime Group: Unveiling the Elusive Gold Melody

• A financially driven threat actor has been exposed as an initial access broker (IAB)—a kind of bouncer at the cybercrime club, deciding who gets past the virtual velvet rope.
• This group has been given the name “Gold Melody” by the SecureWorks Counter Threat Unit (CTU).
• Their hall of aliases also includes Prophet Spider per CrowdStrike and UNC961 according to Mandiant.
• This group essentially operates like a garage sale for hackers, selling off unauthorized access to secure organizations like discounted vinyl records.

From Initial Access Broker to Local Cybercrime Celebrity: The Rise of Gold Melody

An actor alert! And, no, I don’t mean Hollywood; this is a tale from the underworld of cybercrime, which is far from glamorous. This financially motivated threat actor is none other than an Initial Access Broker—more bouncer than Brad Pitt, deciding who gets in on the cybercrime action and who doesn’t. Imagine a big, burly bouncer with a neck wider than your computer screen, saying in a gruff voice, “Password, or no entry!” That’s our Gold Melody.

Naming Rights: The Many Aliases of Gold Melody

Lit up in the cybersecurity name marquee is a group called “Gold Melody.” Now, who dubbed them so? SecureWorks’ Counter Threat Unit, that’s who. Why Gold Melody, you ask? Honestly, we don’t know either, but it does sound like something out of a James Bond movie, doesn’t it? Too bad their actions aren’t as harmonic as their name implies. This group is also known around the cyber blocks as Prophet Spider, according to CrowdStrike, or UNC961, per Mandiant’s books. Seems like Gold Melody is as elusive as a bad Wi-Fi connection.

Gold Melody’s Garage Sale: Unauthorized Access at a Discount

Gold Melody is running a classic sort of digital garage sale. But, what’s on sale, you wonder? It’s unauthorized access to compromised organizations. That’s right, it’s like selling second-hand access to secure organizations—“lightly used” one might say. Other “customers” (hacking adversaries in the hood speak) can buy this access to conduct follow-on attacks such as ransomware. Don’t rush though, there’s likely no early bird discount.

In Cybercrime, There’s a Melody That’s Not Quite Golden

To wrap it up, a threat actor has surfaced out of the murky waters of cybercrime—an Initial Access Broker, or to be more specific, the notorious Gold Melody. Identified by SecureWorks’ Counter Threat Unit, this group is also known as Prophet Spider or UNC961. This financially motivated group has taken cybercrime to a new, darker level by selling unauthorized access to compromised organizations. While its activities may be anything but golden, the “music” it plays certainly rings in the ears of cybersecurity experts.

Original Article: https://thehackernews.com/2023/09/cyber-group-gold-melody-selling.html

