Vice Society

Research from cybersecurity firm Palo Alto Networks found that Vice Society had listed 33 schools on its data leak site in 2022 alone.[8]

The group gained significant attention in late 2022 and early 2023 due to a series of high-profile attacks, including one targeting the rapid transit system in San Francisco.[1]

According to the U.S. Cybersecurity and Infrastructure Security Agency, Vice Society have not developed their own in-house attack tools, instead using the Hello Kitty/Five Hands and Zeppelin ransomware toolkits.

Prior to deploying ransomware, Vice Society actors spend time exploring the network, seeking opportunities to increase access and exfiltrating data for double extortion purposes.

In an effort to evade detection, the actors disguise their malware and tools as legitimate files, employ process injection, and likely use evasion techniques against automated dynamic analysis.[7]

An analysis of Vice Society's tactics showed the use of tools like Cobalt Strike and Mimikatz to escalate privileges and move laterally within a network.