Cyberthreat on New Email By Exotic Lily

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Mar 13, 2023 03:44 am PST

Exotic Lily is known as PROJECTOR LIBRA and TA580, which is an initial access broker (IAB). Since its start, the threat actor has been well-known in the dark web due to its connections to Diavol and Conti, two ransomware outfits. Researchers from ReliaQuest recently came across and investigated the group’s phishing activity. More email threats have been traced back to Exotic Lily in recent times. Unsuspecting people and businesses have been receiving emails from cybercriminal group that contains harmful attachments or links.

These emails seem normal, but they contain malicious code that can infect the recipient’s device or steal personal information. Exotic Lily is renowned for their cutting-edge strategies and methods, which make them tricky to identify and detect. They have been active since at least 2019, and several well-known cyberattacks have been connected to them.

How Does Exotic Lily Operate?

A target would be sent an email appearing to be a chance for the company to begin the hack. Exotic Lily developed a cloned domain to make it appear as though it came from a legitimate business. The two names’ top-level domain (TLD) was the only difference.

As soon as a connection was made, popular file-sharing websites like TransferNow, OneDrive, WeTransfer, and TransferXL started hosting a malware zip file.

Delivering the BumbleBee loader to the victim is an Exotic Lily device using Windows shortcuts to install malicious software.

Why Is This Important?

Exotic Lily is renowned for its competence in obtaining login information from important targets using tactics like posing as an employee, OSINT, and the development of compelling fake documents.

Because Exotic Lily pays close attention to the details, its phishing methods have become quite well-known and influential. The attacker practices a tried-and-true procedure that frequently begins with engaging the target in friendly conversation.

These profiles use the victim’s absolute trust to lure users to websites that appear trustworthy but contain dangerous payloads

There were 2,348 instances on the dark web IABs selling business access between the last part of the year 2021 and the first half of 2022, which is twice an increase, according to research from January.

In the United States, IABs primarily targeted companies that offered banking services (5.1%), manufacturing (5.8%), real estate (4.6%), and education (4.2%).

RDP (36% of the permitted access methods) and vulnerable VPNs (37%) were the most commonly used.

Strong Preventive Measures Against Cyberattacks

  • Users are advised to install anti-spam software

Installing and using reliable Internet security software on computers is one of the simplest ways to fall for a phishing scam. Since internet security software provides multiple layers of security in a single, user-friendly suite, it is necessary for every user.

Anti-spam software shields email accounts from spam and fraudulent emails. Anti-spam software has intelligence features that allow it to gradually learn which items are rubbish and which are not, in addition to working with pre-defined denylists generated by security researchers. 

Hence, while being vigilant is crucial, consumers can comfort themselves with the knowledge that the software also screens for potential problems. Using anti-phishing and anti-spam software is advised when malicious messages get past users’ computers.

Anti-malware software keeps getting smarter and better equipped to handle the most recent attacks, thanks to regular updates from manufacturers. Users can use anti-malware software to guard themselves against viruses, Trojan horses, and more.

  • The Use of Password Manager

It is essential to use a password manager in addition to having antivirus software on the computer to handle online credentials. Today, it is essential to use unique passwords for every website. Malicious attackers will attempt to use the revealed credentials throughout the web if a data breach ever takes place.

One of password managers’ best aspects is that they fill out login forms instantly to reduce unnecessary clicking. Users can carry their passwords wherever they go, thanks to the portable versions many password managers offer, and they can be saved to a USB drive.

  • Never respond to spam emails or rely on links inside of them

In most cases, responding to, clicking on, or even unsubscribing from spam emails only serves to alert the sender that they have located a live email address to which they can send additional spam messages. Instead, users should follow the steps provided by their email provider to report the message as spam.

Cybersecurity’s Significance in Password Management

Using a strong and secure password can reduce the chance that cybercriminals will predict it and gain access to confidential information. In 2019, 80% of data breaches were the result of compromised passwords, costing both consumers and companies money. A common concern when creating complex passwords is the fear of forgetting them, mainly when there are several to remember. When users use a strong password, predicting it takes exponentially more time than using a 20-character randomized password with upper- and lowercase letters, numbers, and symbols. A machine would need three sextillion years to decipher it. Cybercriminals use a variety of various attacks to target simple passwords.


Cybersecurity professionals advise people and businesses to exercise caution when opening emails, particularly those from unknown senders or containing unexpected attachments or links. They advise frequently backing up vital data and updating antivirus and other security programs. It is crucial to guarantee that the organization’s current security posture is vital in case a threat group like Exotic Lily targets it. 

Unauthorized peer-to-peer ransomware and websites that share files should be restricted, claims ReliaQuest. In relation to the executables that can be used on the corporate network, it is also advisable to set up tight policies and user access controls. It is crucial to use caution when using the internet and to be aware of the dangers involved with doing so. Exotic Lily is only one of many online hazards that individuals and organizations may avoid by being knowledgeable and taking the necessary safeguards.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x