New threat actor targets Bulgaria, China, Vietnam and other countries with customized Yashma ransomware

• Cisco Talos discovered an unknown threat actor, seemingly of Vietnamese origin, conducting a ransomware operation that began at least as early as June 4, 2023.


• This ongoing attack uses a variant of the Yashma ransomware likely to target multiple geographic areas by mimicking WannaCry characteristics.


• The threat actor uses an uncommon technique to deliver the ransom note. Instead of embedding the ransom note strings in the binary, they download the ransom note from the actor-controlled GitHub repository by executing an …

actor attack bulgaria china cisco cisco talos countries june origin ransomware talos target threat threat actor vietnam wannacry yashma ransomware