Google uncovers criminal actions of initial access broker Exotic Lily
23. März 2022Google uncovers criminal actions of initial access broker Exotic Lily
San Francisco, 3/23/2022
According to Google, Exotic Lily hackers used artificial intelligence to create fake images for social media profiles. Using these fake profiles, they posed as legitimate employees and gained access to the computer networks of numerous companies .
Exotic Lily has been known as an „initial access broker“ on the scene for some time, as they offer these accesses for sale to the highest bidders. The hackers used an unidentified and publicly available service to use AI to create fake photos that were used in fake LinkedIn profiles.
The company then gained access via email campaigns and spear-phishing emails before passing it on to cybercriminal syndicates, who used the access to attack companies and demand ransom.
At the height of its activity, Exotic Lily sent more than 5,000 phishing emails a day to as many as 650 companies. Initially, IT, cybersecurity and healthcare companies were targeted before it spread to other industries.
Google also found links between Exotic Lily and the Russian-language ransomware group Conti. Exotic Lily is believed to operate from Central or Eastern Europe.
