The financially motivated threat group demonstrates deep knowledge of hybrid cloud environments, which allows it to rapidly steal sensitive data, destroy backups and encrypt systems with ransomware.
The malware, called PromptLock, essentially functions as a hard-coded prompt injection attack on a large language model, inspecting local filesystems, exfiltrating files and encrypting data.
Operation Serengeti 2.0 dismantled almost 11,500 malicious infrastructures between June and August. Officials arrested more than 1,200 alleged cybercriminals.
The State Department also announced financial rewards totaling up to $6 million for information leading to the arrest or conviction of Garantex’s leaders.
The vendor ruled out a zero-day vulnerability as the root cause, disputing initial assessments from third-party researchers. Fewer than 40 organizations have been impacted since mid-July.
The Department of Homeland Security said the Russian cybercrime collective received at least $370 million in ransom payments, based on current cryptocurrency valuations.