The danger actors claiming to represent the Medusa Rainsmware Gang, offering an important amount, wooed a BBC correspondent to become an internal threat.
Cyber security correspondent Joe Tidi revealed in one Story on BBC Hackers wanted to use their laptops to break the network of British Public-Service Broadcasters and then asked for ransom.
Once they reach the internal systems of the BBC, the danger actor planned to steal valuable data and give ransom to the organization. At least 15% of the paid ransom will be streamlined to provide initial access.
Tidi says that in July, he was approached by a cyber criminal called “Syndicate” (“Sin”) on a signal, who initially introduced him 15% of the payment ransom on providing the BBC system to Medusa.
Sin later tried to sweeten the proposal with an additional 10%, saying that “her team could demand ransom among millions of people if they successfully infiltrate the corporation.”
Sin said, “Sin said,” Sin said that “his team can demand a ransom in millions, if he successfully infiltrates the corporation,” which may be that the journalist can never work again, cut ransom.
Source: BBC
The Medusa ransomware is an operation that emerged in January 2021 and gained a reputation with the double-exertion attacks and the launch of a forced recovery portal in 2023.
In March, CISA published a report on Medusa, holding the gang responsible for more than 300 attacks on important infrastructure organizations in the United States.
According to the agency, the core operators of Medusa recruit early access brokers in cybercrime forums and dark marketplace, and they focus on the post-compromise phase.
Tidi reported that the representative of the alleged ransomware group promised oblivion, if he helped, citing many previous matters, claiming that he claimed that he claimed that an evil internal source gave Medusa easy access to the target network.
Underped, disgruntled, or simply unethical employees have caused millions of losses in exchange for a few hundred USD, and some danger actors trust him.
Rainmware gangs such as lockbit have been discovering the ability of evil employees wishing to sell their reach for many years.
Even SYN tried to convince the journalist by offering 0.5 BTC (currently more than $ 55,000) in the escrow on a hacker forum before the hack started.
“We are not flickering or joking – we do not have a purpose. Media wise we are only for money and money and one of our main managers I wanted me to reach you,” Sin told Tidi on the signal.
Tidi, who covered Cybercity News, believes that the danger actors misunderstood him for a cyber security employee at BBC with high privileges.
SYN suppressed the journalist to execute a script, but when stopped clean, the journalist’s phone was filled with two-factor authentication requests.
It is a strategy called MFA bombing, MFA fatigue, or MFA spam, where hackers log in in efforts with the victim’s credentials, until the target is defeated and does not allow the login.
Kurili did not give up, though. He approached the BBC information security team and as a precaution, was completely cut off from the infrastructure of the organization.
In a later message, the alleged Medusa representative apologized for the login requests and said that his proposal was still available for a few days. However, when the journalist did not respond for a few days, the actor threatened his signal account.
The passwords broke in 46% of the atmosphere, almost doubled by 25% last year.
Picus Blue Report 2025 Now get a wider look at more conclusions on prevention, detection and data exfIs.
