FOCUS MODE
EXTRACT IOC
Threat Research

IntelBroker: The Rising Threat Actor in the Cybercrime Landscape

iocOne
IntelBroker: The Rising Threat Actor in the Cybercrime Landscape
IntelBroker is a sophisticated cyber adversary linked to various high-profile data breaches and illicit data trading, operating primarily through BreachForums. The actor has developed ransomware, conducted significant breaches, and engaged in dark web data sales. Their evolving techniques present ongoing challenges to various sectors. Affected: Cybersecurity, E-commerce, Government, Technology, Aviation

Keypoints :

  • IntelBroker is a highly active cybercriminal responsible for numerous data breaches and ransomware campaigns.
  • Initially emerged on BreachForums, a key platform for cybercriminal activities.
  • Notable breaches include incidents involving Europol, AT&T, Hilton Hotels, and others.
  • Operated with a racially charged group known as CyberNiggers but maintained a distinct identity.
  • Developed the sophisticated ransomware called ‘Endurance’.
  • Involved in data brokerage on dark web marketplaces, monetizing stolen data.
  • Utilizes advanced tactics, including exploitation of public-facing applications and execution of client commands.
  • Exploits vulnerabilities in supply chains and engages in lateral movement across networks.
  • Indicators of Compromise (IoCs) associated with IntelBroker’s activities have been identified.
  • Organizations are advised to enhance security measures, monitor behavioral anomalies, and improve incident response.

MITRE Techniques :

  • T1190 — Exploit Public-Facing Application: Exploits vulnerabilities in public-facing applications to gain unauthorized access.
  • T1203 — Exploitation for Client Execution: Uses compromised systems to execute unauthorized commands or malware.
  • T1098 — Account Manipulation: Maintains access by manipulating accounts.
  • T1068 — Exploitation for Privilege Escalation: Exploits software vulnerabilities for elevated access.
  • T1027 — Obfuscated Files or Information: Obfuscates files to bypass security measures.
  • T1003 — Credential Dumping: Extracts credentials from compromised systems.
  • T1083 — File and Directory Discovery: Conducts reconnaissance to identify valuable files.
  • T1078 — Valid Accounts: Uses valid credentials to move within networks.
  • T1005 — Data from Local System: Extracts sensitive data from local systems.
  • T1041 — Exfiltration Over C2 Channel: Transfers data over encrypted channels to evade detection.
  • T1486 — Data Encrypted for Impact: Encrypts data to disrupt operations.
  • T1132 — Data Encoding: Encodes C2 communications for stealth.
  • T1485 — Data Destruction: Deletes or corrupts data to disrupt target operations.

Indicator of Compromise :

  • URL: http[:]//h44jyyfomcbnnw5dha7zgwgkvpzbzbdyx2onu4fxaa5smxrgbjgq7had.onion/
  • URL: olx.id7423[.]ruboxberry.id7423[.]ru
  • URL: avito-rent.id7423[.]ru
  • File Hash – SHA-256: 600be5ab7f0513833336bec705ca9bcfd1150a2931e61a4752b8de4c0af7b03a
  • File Hash – SHA-256: 8a3ca9efa2631435016a4f38ff153e52c647146e285e0573ef667c6fb7aeb1

Full Story: https://medium.com/@patelvidhi4288/intelbroker-the-rising-threat-actor-in-the-cybercrime-landscape-bc64ee521596?source=rss——cybersecurity-5

Views: 41

Tags: COLLECTION, CVE, EXFILTRATION, SOCIAL ENGINEERING, PHISHING, DEFENSE EVASION, PATCH, CREDENTIAL