Vice Society, a threat actor known for ransomware and extortion campaigns, has been identified in operations targeting the US education sector. Microsoft security researchers released an advisory about Vice Society and its recent activities on Tuesday. The write-up states that the group’s latest payload is a Zeppelin variant that contains specific file extensions. Microsoft found that the group did not always deploy ransomware during the operation and may have performed extortion using exfiltrated data.
Vice Society has been active since as early as June of last year, Microsoft says. The latest attacks have heavily targeted the US education sector; previous activities, however, focused on industries such as local government and retail. Microsoft security researchers believe that the group is financially motivated and continues to shift its focus toward companies or organizations with weaker security and a higher likelihood of ransom payouts. The group relies on tactics and procedures that are common among other ransomware groups, such as PowerShell scripts and repurposed legitimate tools.