The Brain Cipher ransomware group gained widespread attention after a high-profile attack on Indonesia’s National Data Center (Pusat Data Nasional – PDN), which disrupted essential public services, including immigration. On June 20, the cyberattack targeted one of Indonesia’s national data centers. This attack encrypted government servers, disrupting immigration services, passport control, the issuance of event permits, and other online services.…

IntelBroker, a notorious figure known for orchestrating high-profile cyberattacks, operates within BreachForums. Specializing in identifying and selling access to compromised systems, sensitive data leaks, and possibly extortion, IntelBroker facilitates various malicious activities.

BreachForums, IntelBroker’s long-time base, was recently taken down once again in an operation.…

WikiLeaks founder Julian Assange has been freed in the UK after serving over five years in Belmarsh prison for what the U.S. government described as the “largest compromises of classified information” in its history.

In 2019, U.S. authorities charged Assange with 18 criminal counts for conspiring with former US Army intelligence analyst Chelsea Manning to obtain and publish classified information.…

DragonForce Ransomware has emerged as an intriguing adversary. Known for its prominent targets and unusual ways of communication, it has quickly gained notoriety among cybersecurity experts and victims alike. This post delves into the origins, operations, and distinctive features of the DragonForce Ransomware, shedding light on the menacing threats in the digital world today.…

Global law enforcement agencies have ramped up their efforts against ransomware, weakening groups and even dethroning the long-ruling LockBit. However, following these operations, many small groups emerged.

In April 2024, a group calling themselves the dAn0n Hacker Group emerged. Although various sources label them as a ransomware group, they appear to function more as a data broker group.…

Recent history could be termed the Age of Ransomware in the realm of cybercrime. However, threat actors have discovered a way to profit without the need for malware development or sophisticated methods. SpaceBears is a new participant in the Data Broker trend, which has gained momentum particularly due to major crackdowns on ransomware groups by security forces.…

Qilin, also known as Agenda ransomware, represents a formidable threat in cybercrime. This ransomware, one of the known Ransomware-as-a-Service (RaaS) groups, is designed with adaptability in mind, allowing it to customize attacks based on its victims’ specific environments. Originating from a sophisticated background, Qilin leverages advanced tactics to extort organizations.…

BlackSuit ransomware is a rebranded version of the notorious Royal ransomware, which emerged due to heightened law enforcement actions against the original group. This rebranding signifies a strategic shift aimed at evading detection and continuing their cybercriminal activities under a new guise. The Royal ransomware, now BlackSuit, has a notorious history of targeting high-profile sectors and demanding substantial ransoms.…

In the ever-evolving landscape of cybersecurity threats, new groups like Hunt3r Kill3rs emerge with claims of disruptive capabilities. This analysis aims to provide an initial understanding of their activities, considering the limited timeframe and absence of concrete evidence substantiating their claims.

Overview of Hunt3r Kill3rs:

Hunt3r Kill3rs, a recently surfaced threat group, asserts its prowess in cyber operations, including Industrial Control Systems (ICS) breaches, communication network intrusions, and exploitation of web application vulnerabilities.…

As organizations prepare for the challenges and opportunities of 2024, the critical importance of cybersecurity preparedness is increasingly apparent. In an era characterized by rapid digital transformation and continuous innovation, cyber threats are becoming more sophisticated and frequent, presenting substantial risks to businesses across all sectors.…

In the constantly changing landscape of cyber threats, ransomware groups adapt their tactics to outmaneuver defenses. Everest Ransomware recently attracted attention in May 2024 for its notable targets. Since its emergence in December 2020, Everest has seemed to infiltrate and compromise organizations using advanced techniques. This profile examines the origins, operational tactics, and mitigation strategies related to Everest Ransomware, offering essential insights for cybersecurity professionals.…

Dispossessor has recently emerged in the ransomware landscape, and it is especially notable for its similarities to the notorious LockBit group. Following an extensive crackdown by global law enforcement agencies, which led to the seizure of LockBit’s primary domains, Dispossessor quickly surfaced, mimicking the structure and content of LockBit.

Who is Dispossessor Ransomware

The name “Dispossessor” could be linked to Ursula K.…

Verizon’s 17th annual Data Breach Investigations Report (DBIR) for 2024 offers an in-depth look at the latest trends in data breaches and cyber security incidents. Analyzing data from over 30,458 incidents and 10,626 confirmed breaches between November 2022 and October 2023, Verizon DBIR 2024 provides crucial insights into the evolving threat landscape.…

On April 3, 2024, a newly discovered ransomware group surfaced when Senior Threat Analyst Rakesh Krishnan shed light on it. Known as Red CryptoApp, this group began its operations between February and March, coinciding with the dismantling or retreat of LockBit and ALPHV.

Who is Red Ransomware

Red Ransomware or Red CryptoApp, a fresh ransomware group, surfaced in March 2024 and promptly revealed the data of 11 victims on its Data Leak Site (DLS), along with announcing an additional victim.…

In 2022, the DonutLeaks group emerged as a significant player, demonstrating a sophisticated approach to data extortion. Linked to cyber incidents targeting notable enterprises such as Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando, DonutLeaks swiftly garnered attention when it first emerged for its aggressive tactics and extensive data leaks.…

[Update] April 8, 2024: “From ALPHV to RansomHub: Change Healthcare”

A new threat actor has emerged in the ransomware landscape, distinguishing themselves by making claims and backing them up with data leaks. In February 2024, RansomHub posted its first victim, the Brazilian company YKP. Since then, they have made 17 additional claims, although their leak site currently lists only 14 victims.…
