Night Sky is a ransomware family that has been linked to several other ransomware families, including LockFile, AtomSilo, Rook, and Pandora. Analysis of the Cobalt Strike Beacon samples loaded by HUI Loader has revealed a connection between the AtomSilo, Night Sky, and Pandora ransomware, pointing to shared tooling across these families. Further research indicates that the five ransomware families connected to HUI Loader were developed from two distinct codebases: one for LockFile and AtomSilo, and the other for Rook, Night Sky, and Pandora. This suggests a level of coordination and shared resources among the actors behind them.
The operational patterns and victimology of LockFile, AtomSilo, Rook, Night Sky, and Pandora deployments do not align with conventional financially motivated cybercrime operations, indicating a more complex motivation or strategy behind these attacks. As of mid-April, 21 victims had been listed across the AtomSilo, Rook, Night Sky, and Pandora leak sites, demonstrating the reach of these threats. The post-intrusion deployment of LockFile, AtomSilo, Rook, Night Sky, and Pandora ransomware further underscores the significant threat posed by these malware families.
Additional analysis has uncovered a link between Night Sky and Emperor Dragonfly, a Chinese ransomware group. A reference to a Chinese font family in a Night Sky ransom note, along with the detection of a Chinese character font in another ransom note dropped by Night Sky ransomware, points towards a possible origin or affiliation. These findings highlight the global nature of the cyber threat landscape and underscore the need for robust cybersecurity measures to counter such sophisticated threats.
Description last updated: 2024-07-22T15:16:38.505Z