The Outlaw Hacking Group, thought to have gone dark in 2020 after debuting two years earlier, was detected by Israeli cybersecurity firm CYE, which revealed the details to Cybernews.
CYE conducted digital forensics on a client company’s computers in February and identified a two-pronged attack: malicious software that launches SSH brute-force attacks against other servers while simultaneously hijacking the compromised machines for cryptocurrency mining. The last IP address CYE identified as a launch platform for the attack was 188.8.131.52, which the digital watchdog VirusTotal officially recognizes as malicious.
“We realised that it was the Outlaw group because it was using the same TTPs [tactics, techniques, and procedures],” said Eli Smadja, cybersecurity analyst at CYE. “What they do normally is attack servers around the world – especially in Europe.”