| Category | Industry | Motivation | Region | Source* |
|---|---|---|---|---|
| Adversary Intelligence | Multiple | Public Relations | Global | B2 |
- CloudSEK’s contextual AI digital risk platform XVigil discovered a new operation, named operation BRICS [#OpBRICS], launched by the threat actor group Your Data is Ours (YDIO) against the following five major emerging economies:
  - The Federative Republic of Brazil
  - The Russian Federation
  - The Republic of India
  - The People's Republic of China
  - The Republic of South Africa
- The YDIO group is a team of black hats that specializes in stealing data from corporations and governments across the world.
- Previously operating under the name of “Dark Lulz”, the group rebranded itself as Your Data is Ours (YDIO) on 1 July 2022.
- The group runs its own forum which was registered on 30 June 2022.
- Initially, only newly formed threat groups with few members joined the forum.
- Later, prominent threat actors and groups joined it as well.
- Prominent members of the YDIO group are:
- The group has a Twitter account registered in December 2015 and a Telegram channel with a large following.
- Targets are selected by running polls on these channels and asking subscribers/followers to vote.
- The list below contains the entities breached by the group:
  - Nour Communications - Saudi
  - diRoma Acqua Park - Brazil
  - Bharti Airtel - India
  - Supreme Court of Brazil
  - DK Wireless - South Africa
  - Russian Space Science Institute
  - iBee aka Honeylink Technology
  - CountryOnline - Russian ISP
  - Multiple Chinese medical facilities
  - Airtel - India
  - QTEC - Russia
  - Jiangsu Real Estate Investment - China
  - National Space Research Institution - Brazil
  - Russia Nuclear Research Institute
  - Belarus Telecom
  - AIIMS Metro Station - India
  - ISA CTEEP - Brazil
  - Power Grid Corporation of India
  - 4th of July, Firework Show
  - Nettlinx Limited, India
- The group’s TTPs include compromising Cambium Networks products, especially the ePMP™ Force 300-25 wireless radio.
- Cambium Networks is a leading global provider of wireless fabric infrastructure for business and residential broadband and Wi-Fi.
- Entities compromised using Cambium products include the following:
  - Power Grid Corporation of India.
  - The AIIMS Metro Station.
  - Nettlinx India Limited.
  - DK Wireless, South Africa (the leaked router configuration contains references to Cambium).
| Threat Actor Profiling | |
|---|---|
| Active since | July 2022 |
| Reputation | High (Popular on Telegram channels, Twitter, and forums) |
| TTPs | Targeting vulnerable Cambium products |
| History | Previously involved in breaching prominent organizations of BRICS (Brazil, Russia, India, China, South Africa) |
| Rating | B2 (B: Usually reliable; 2: Probably true) |