Short Summary:
Rhysida ransomware, active since early 2023, utilizes a multi-tiered infrastructure and CleanUpLoader for post-exploitation activities. Recorded Future’s Network Intelligence has enabled early detection of Rhysida victims, providing a …
Short Summary:
The article discusses the challenges organizations face in cybersecurity due to fragmented detection tools and the need for comprehensive threat visibility. It highlights how Recorded Future’s Threat Intelligence …
The “Marko Polo” group represents a significant cybercriminal threat, employing sophisticated infostealer malware and social engineering tactics to target individuals and businesses, particularly in the cryptocurrency and online …
The “H1 2024 Malware and Vulnerability Trends Report” highlights the evolving tactics of threat actors, particularly in exploiting zero-day vulnerabilities and the rise of infostealer malware. Key trends …
Short Summary:
The resurgence of Intellexa’s Predator spyware, following a decline due to US sanctions, poses renewed privacy and security risks, particularly to high-profile individuals. Recent findings indicate that Predator’s …
Insikt Group has reported a rise in cyber threat activity from GreenCharlie, an Iran-nexus group targeting US political and government entities. They employ sophisticated phishing operations and malware …
“`html
Short SummaryThe Recorded Future Payment Fraud Intelligence team has uncovered the ERIAKOS campaign, a sophisticated scam e-commerce network targeting Facebook users. Detected on April 17, 2024, this campaign …
Summary:
Insikt Group's recent analysis reveals that North Koreans continue to use foreign technology to access the internet despite heavy sanctions. This includes Apple, Samsung, and Huawei devices, as well …
Summary
Between Q4 2023 and Q1 2024, cybercriminals increasingly used QR codes and AI-generated phishing tactics to target executives, exploiting AWS SNS for malicious SMS and VAST tags for malvertising. …
Insikt Group examines a large-scale Russian-language cybercrime operation using fake Web3 gaming initiatives to distribute malware designed to steal information from both macOS and Windows users. These Web3 games, which …
Summary
Recorded Futures Insikt Group identified a suspected cyber-espionage campaign by TAG-100, targeting global government and private sector organizations. TAG-100 exploited internet-facing devices and used open-source tools like the Go …
Summary
Insikt Group's research reveals that OilAlpha, a likely pro-Houthi group, continues to target humanitarian and human rights organizations operating in Yemen. They use malicious Android applications to steal credentials …
Cyber threats are becoming increasingly sophisticated and frequent, making it imperative for organizations to leverage cyber threat intelligence to stay ahead of potential cyber attacks. Organizations across all industries are …
Summary
In this proof-of-concept report, Recorded Future's Identity Intelligence analyzed infostealer malware data to identify consumers of child sexual abuse material (CSAM). Approximately 3,300 unique users were found with accounts …
Insikt Group's report reveals that CopyCop, a likely Russian government-aligned influence network, has shifted its focus to the 2024 US elections. Using AI and inauthentic websites, CopyCop creates and spreads …
From November 2023 to April 2024, Insikt Group identified cyber-espionage activities conducted by RedJuliett, a likely Chinese state-sponsored group, primarily targeting government, academic, technology, and diplomatic organizations in Taiwan. RedJuliett …
Recorded Futures Insikt Group identified that Vortax, a purported virtual meeting software, spreads three infostealersRhadamanthys, Stealc, and Atomic macOS Stealer (AMOS). This extensive campaign targets cryptocurrency users, exploiting macOS vulnerabilities. …
The 2024 Paris Olympic Games face numerous threats due to their high-profile nature and international significance. Insikt Group's research identifies several key risks: cybercriminals targeting critical sectors with ransomware, hacktivists …
Insikt Group tracks the evolutions of GRU's BlueDelta operational infrastructure, targeting networks across Europe with information-stealing Headlace malware and credential-harvesting web pages. BlueDelta deployed Headlace infrastructure in three distinct phases …
In recent research, Recorded Future's Insikt Group uncovered a sophisticated cybercriminal campaign led by Russian-speaking threat actors from the Commonwealth of Independent States (CIS). These threat actors leveraged a GitHub …
SolarMarker, a malware known for stealing information, utilizes an evolving, multi-tiered infrastructure that has been active since 2021. This malware, also known as Yellow Cockatoo and Jupyter Infostealer, targets sectors …
In early March 2024, Insikt Group identified a malign influence network, CopyCop, skillfully leveraging inauthentic media outlets in the US, UK, and France. This network is suspected to be operated …
New research from Recorded Futures Insikt Group focuses on the growing threat of a possible "mobile NotPetya" event. Through zero-click exploits, a self-propagating mobile malware could infiltrate smartphones at scale. …
Insikt Group examines a large-scale Russian-language cybercrime operation using fake Web3 gaming initiatives to distribute malware designed to steal information from both macOS and Windows users. These Web3 games, which …
Safeguarding sensitive data, maintaining brand reputation, and cultivating customer trust pose continuous challenges for enterprise organizations. However, the dark web, a hidden corner of the internet, poses unique challenges for …
Check out our on-demand Annual Report webinar or read on for a summary of key topics and themes in the report.
2023 was a year in which cybercrime evolved in …
Domestic violent extremists (DVEs) in the United States are increasingly doxing senior leaders from the public and private sectors — publishing their personally identifiable information (PII) with malicious intent and …
New Insikt research examines 2023, a year of unexpected outcomes and escalating cybersecurity threats. Throughout the year, cyber threat actors exploited the prevailing chaos to steal data, conduct espionage, and …
New research from Recorded Futures Insikt Group outlines a collaborative investigation by threat intelligence analysts and R&D engineers into the potential malicious uses of artificial intelligence (AI) by threat actors. …
New Insikt Group Research provides updated insights on the recent i-SOON leak. On February 18, 2024, an anonymous leak of documents from Anxun Information Technology Co., Ltd. (i-SOON), a Chinese …
New research from Recorded Future’s Insikt Group examines newly discovered infrastructure related to the operators of Predator, a mercenary mobile spyware. This infrastructure is believed to be in use in …
Recorded Future’s Insikt Group has identified TAG-70, a threat actor likely operating on behalf of Belarus and Russia, conducting cyber-espionage against targeting government, military, and national infrastructure entities in Europe …
Available in the following solutions: Ransomware Mitigation, Automated Security Workflows, and Mitigate Supply Chain Risk
Available in the following modules: Threat Intelligence, and Geopolitical Intelligence
In the ever-changing and converging …
Recent Insikt research analyzes ransomware and vulnerability trends spanning the past six years and offers insights into future expectations.
Ransomware groups exploit vulnerabilities in two distinct categories: those targeted by …
The report discusses Iranian intelligence and military entities associated with the Islamic Revolutionary Guard Corps (IRGC) involved in cyber activities targeting Western countries through their network of contracting companies. Four …
New Insikt Group research discusses the frequent abuse of GitHub's services by cybercriminals and advanced persistent threats (APTs) for various malicious infrastructure schemes. These include payload delivery, dead drop resolving …
In its 2023 Adversary Infrastructure report, Insikt Groups outlook for the infrastructure landscape in 2024 suggests a continuation of the evolving nature of cyber threats, with an emphasis on government …
In 2023, the payment fraud underground showed signs of recovery following Russian law enforcement's crackdown on domestic cybercriminals and the Russian invasion of Ukraine in 2022. The dark web carding …
In a new report, Recorded Futures Insikt Group examines North Koreas success in its cybercriminal operations targeting the cryptocurrency industry. Since 2017, North Korea has significantly increased its focus on …
As Black Friday and the holiday shopping season approaches, the threat of online scams is on the rise, with a 22% increase in consumer scam losses reported during the 2022 …
Ad fraud, driven by automation, is a pervasive issue in online advertising, involving the inflation of performance metrics through automated bot software and tools. The increasing accessibility of automation solutions …
Over the past five years, Chinese state-sponsored cyber operations have evolved into a more mature and coordinated threat, focusing on exploiting both known and zero-day vulnerabilities in public-facing security and …
Recorded Future's research group, Insikt Group, has identified an application disseminated on a Telegram Channel used by members/supporters of the Hamas terrorist organization.
The application is configured to communicate with …
Recorded Future’s Insikt Group has conducted an analysis of a prolonged cyber-espionage campaign known as TAG-74, which is attributed to Chinese state-sponsored actors. TAG-74 primarily focuses on infiltrating South Korean …
Insikt Group has identified and analyzed a network named "Empire Dragon," which is believed to be a coordinated and inauthentic operation likely aligned with the Chinese government and based in …
New Insikt Group research examines RedHotel, a Chinese state-sponsored threat activity group that stands out due to its persistence, operational intensity, and global reach. RedHotel’s operations span 17 countries in …
Insikt Group has been tracking the threat activity group BlueCharlie, associated with the Russia-nexus group Callisto/Calisto, COLDRIVER, and Star Blizzard/SEABORGIUM. BlueCharlie, a Russia-linked threat group active since 2017, focuses on …
Recorded Future’s Insikt Group has been monitoring the activities of Russian state actors who are intensifying their efforts to hide command-and-control network traffic using legitimate internet services (LIS) and expanding …