When a mysterious Russian hacking gang announced last week that it had assaulted the National Rifle Association with a ransomware attack, the NRA was quiet on whether the claim was true. But a network of hundreds of Twitter trolls were far from mute—they lapped up the news and went to town amplifying it across Twitter.
The move was unusual. Ransomware gangs typically share information about their hacked victims on their own extortion sites, needling them to pay up by posting allegedly stolen files and embarrassing them along the way. And the ransomware gang in question, called Grief Gang, did just that, posting files it claimed to have run off with after hacking the NRA.
But Grief Gang seems to be taking it to the next level.
The Twitter accounts, which sport primarily women’s names—such as Kimberlee Strum, Elvera Vickerman, and Jann Priestley—were created in bulk around the same time in August and September.
The majority of the accounts don’t follow anyone and don’t have any followers. But despite not following each other, they appear to be tweeting in a carefully orchestrated manner. Most of the accounts seem to have whirred into gear to post almost entirely about the Grief ransomware gang’s latest activity. Some of the accounts had also shared original content about a separate hacking incident the Grief Gang carried out, Sam Riddell, associate threat intelligence analyst of information operations at Mandiant, told The Daily Beast.
The purpose of the network appears to be to spread word about Grief Gang’s successes and hacking campaigns, according to an analysis Mandiant security researchers conducted and shared exclusively with The Daily Beast.
The purpose of the network appears to be to spread word about Grief Gang’s successes and hacking campaigns, according to an analysis Mandiant security researchers conducted and shared exclusively with The Daily Beast.
