{"id":47564,"date":"2022-07-18T13:44:00","date_gmt":"2022-07-18T13:44:00","guid":{"rendered":"http:\/\/f7b132fc-d5fe-4e9f-8e9e-78efc8e63e2f"},"modified":"2022-07-18T13:44:00","modified_gmt":"2022-07-18T13:44:00","slug":"these-moonlighting-hackers-are-using-ransomware-against-random-targets","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/these-moonlighting-hackers-are-using-ransomware-against-random-targets\/","title":{"rendered":"These moonlighting hackers are using ransomware against &#8216;random&#8217; targets"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/141f2842ca05819f2e29e101d97b8d504f2d77b4\/2021\/08\/12\/880e080a-7301-4a4b-a4e7-def615879cd5\/cryptocurrency-hackers.jpg?auto=webp&amp;fit=crop&amp;height=675&amp;width=1200\" class=\"ff-og-image-inserted\"><\/div>\n<p>Microsoft has raised an alert over a ransomware gang that is apparently based in North Korea and has successfully compromised small businesses since September 2021.&nbsp;<\/p>\n<p>Microsoft Threat Intelligence Center (MSTIC) is tracking the group as an emerging threat under the tag DEV-0530 and says the &#8216;H0lyGh0st&#8217; payload has affected small businesses in multiple countries over the past year. 
It&#8217;s another double-extortion racket, so victims face the threat of files being both locked up and leaked, but the group&#8217;s motivations remain ambiguous.&nbsp;<\/p>\n<p>The group&#8217;s standard methodology is to encrypt all files on the target device and use the file extension .h0lyenc, send the victim a sample of the files as proof, and then demand payment in Bitcoin in exchange for restoring access to the files, Microsoft <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/07\/14\/north-korean-threat-actor-targets-small-and-midsize-businesses-with-h0lygh0st-ransomware\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">says in a blog post<\/a>.<\/p>\n<p>&#8220;As part of their extortion tactics, they also threaten to publish victim data on social media or send the data to the victims&#8217; customers if they refuse to pay,&#8221; it warns.<\/p>\n<p>Microsoft says it has observed DEV-0530 communicating with the North Korea-based state-sponsored group it tracks as Plutonium, which is also known as DarkSeoul or Andariel. DEV-0530 has also used tools created exclusively by Plutonium. Researchers at Symantec in 2019 blamed a series of <a href=\"https:\/\/www.zdnet.com\/article\/south-korea-hacks-blamed-on-dark-seoul-gang\/\" rel=\"follow\">hacks against South Korea on the DarkSeoul gang<\/a>. <a href=\"https:\/\/www.zdnet.com\/article\/new-north-korean-malware-targeting-atms-spotted-in-india\/\" rel=\"follow\">DarkSeoul has operated since around 2013<\/a> and has <a href=\"https:\/\/www.zdnet.com\/article\/cyberattacks-against-industrial-targets-double-over-the-last-6-months\/\" rel=\"follow\">deployed destructive malware on targets<\/a>.&nbsp;<\/p>\n<p>The primary goal of DEV-0530 is financial gain, says Microsoft.&nbsp;<\/p>\n<p>Microsoft says it&#8217;s seen known DEV-0530 email accounts communicating with known Plutonium attacker accounts. The tools shared include custom malware controllers with similar names. 
Microsoft analyzed the group&#8217;s activity time patterns to deduce it is based in North Korea. Despite shared tooling, Microsoft says the two groups are distinct from each other.&nbsp;<\/p>\n<p>This confuses the assessment of what type of group it is. Microsoft says North Korean hackers&#8217; use of ransomware is likely motivated by the country&#8217;s weak economy due to sanctions, natural disasters, drought, and the nation&#8217;s COVID-19 lockdown. However, it adds that the narrow list of targets is inconsistent with previous state-sanctioned hacking from North Korea involving cryptocurrency theft. &nbsp;<\/p>\n<p>North Korean hacking groups connected to Lazarus <a href=\"https:\/\/www.zdnet.com\/article\/north-korean-hackers-stole-a-record-breaking-amount-of-cryptocurrency-last-year\/\" rel=\"follow\">last year stole nearly $400 million worth of cryptocurrency<\/a>. The US government has also <a href=\"https:\/\/www.zdnet.com\/article\/us-warning-north-koreas-tech-workers-posing-as-freelance-developers\/\" rel=\"follow\">warned US and European organizations to avoid inadvertently hiring North Korean tech contractors<\/a>. In 2019, the United Nations estimated the <a href=\"https:\/\/www.zdnet.com\/article\/north-korea-reportedly-stole-2b-in-wave-of-cyber-attacks\/\" rel=\"follow\">nation&#8217;s hackers had gained $2 billion from attacks<\/a> on banks and cryptocurrency exchanges to fund weapons purchases. &nbsp;<\/p>\n<p>&#8220;To offset the losses from these economic setbacks, the North Korean government could have sponsored cyber actors stealing from <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/microsoft-digital-defense-report?msclkid=42ced67ad11411ec99c5ac69ac1c0a22\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">banks and cryptocurrency wallets<\/a> for more than five years. 
If the North Korean government is ordering these ransomware attacks, then the attacks would be yet another tactic the government has enabled to offset financial losses,&#8221; Microsoft notes.&nbsp;<\/p>\n<p>However, it points out that state-sponsored activity against cryptocurrency organizations has typically targeted a much broader set of victims, and instead these attacks could be coming from hackers moonlighting for personal gain.&nbsp;<\/p>\n<p>&#8220;This moonlighting theory might explain the often-random selection of victims targeted by DEV-0530,&#8221; it notes.<\/p>\n<p>Microsoft has found the attackers frequently asked victims for 1.2 to 5 Bitcoins. The attackers have usually been willing to negotiate and, in some cases, lowered the price to less than a third of the initial asking price. But, based on wallet transactions, the attackers appear not to have extorted payments since early July 2022.<\/p>\n<p>READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/these-moonlighting-hackers-are-using-ransomware-against-random-targets\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>But is it state-sanctioned ransomware or hackers working for profit?<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-47564","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>These moonlighting hackers are using ransomware against &#039;random&#039; targets 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n","_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47564","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=47564"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47564\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=47564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=47564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=47564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}