Qilin, also known as Agenda ransomware, represents a formidable threat in cybercrime. This ransomware, one of the known Ransomware-as-a-Service (RaaS) groups, is designed with adaptability in mind, allowing it to customize attacks based on its victims’ specific environments. Originating from a sophisticated background, Qilin leverages advanced tactics to extort organizations.…
Tag: DARK WEB
Today I have uploaded the Indonesian Ministry of Transportation Database for you to download, thanks for reading and enjoy!
Kementrian Perhubungan Indonesia
The Ministry of Transportation of the Republic of Indonesia is a ministry in the Indonesian Government in charge of transportation affairs, is led by a Minister of Transportation who since 27 July 2016 has been held by Budi Karya Sumadi.…
BlackSuit ransomware is a rebranded version of the notorious Royal ransomware, which emerged due to heightened law enforcement actions against the original group. This rebranding signifies a strategic shift aimed at evading detection and continuing their cybercriminal activities under a new guise. The Royal ransomware, now BlackSuit, has a notorious history of targeting high-profile sectors and demanding substantial ransoms.…
Threat Actor: Unknown
Victim: Facebook
Price: Not specified
Exfiltrated Data Type: Full names, profiles, emails, phone numbers, DR (date of registration), and locations
Additional Information:
The leaked database allegedly contains 100,000 lines of data. Affected users are at risk of identity theft, phishing scams, and social engineering attacks.…
Summary: This article discusses the cost of a phishing-as-a-service platform and how cybercriminals are targeting European banking clients with this method.
Threat Actor: Cybercriminals
Victim: European banking clients
Key Point:
Cybercriminals are using a phishing-as-a-service platform to target European banking clients.…
Types of cyberattack include not only Advanced Persistent Threat (APT) attacks targeting a few specific companies or organizations but also scan attacks targeting multiple random servers connected to the Internet. This means that the infrastructures of threat actors can become the targets of cyberattack alongside companies, organizations, and personal users.…
Cyberthreat intelligence (CTI) can be a powerful weapon for protecting an organization from cyberattack, enabling teams to understand both the threats they face and the tactics, techniques, and procedures of their adversaries.…
Imagine being a developer who’s building the next-gen crypto app by using popular open source components to speed up coding. Instead, you end up including a package in your build that does accomplish what you are trying to do, but additionally steals cryptocurrency on any system that it’s installed on.…
On May 2, 2024, Arctic Wolf Labs began monitoring deployment of a new ransomware variant referred to as Fog. The ransomware activity was observed in several Arctic Wolf Incident Response cases, each exhibiting similar elements. All victim organizations were located in the United States, 80% of which were in the education sector and 20% in the recreation sector.…
On May 20, 2024, Live Nation discovered and disclosed an unauthorized activity in its third-party cloud database environment, which was eventually identified to be Snowflake, in its SEC filing. The database contains information regarding the company, primarily from its Ticketmaster subsidiary. Following this filing and in the following days, analysts discovered multiple clients of Snowflake have had data posted on the Dark Web for sale.…
Summary: This content discusses the advertising of a new Android Remote Trojan called Viper RAT on dark web forums and its capabilities.
Threat Actor: Viper RAT
Victim: Android devices
Key Point:
The Viper RAT is a new Android Remote Trojan that is being advertised on dark web forums.…
MANILA, PHILIPPINES – Within this week, in a series of data breaches, personal information from Toyota Makati, a renowned car dealership, Robinsons Malls, a prominent shopping mall chain, and S&R, a popular membership shopping club, has been compromised, affecting hundreds of thousands of customers.
Toyota Makati Data Breach:
An alleged data breach at Toyota Makati, discovered on May 29, 2024, has exposed over a terabyte of data spanning from 2016 to 2024.…
Resecurity has uncovered a cybercriminal group that is equipping fraudsters with sophisticated phishing kits to target banking customers in the EU. These kits are designed to intercept sensitive information, including credentials and OTP codes. The attackers use various social engineering tactics to trick victims into revealing their sensitive information.…
Published On : 2024-06-03
Executive Summary
At CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This in-depth examination focuses on the Vidar Stealer, an information stealer operating as a malware-as-a-service. The research explores the tactics employed by threat actor(s) to evade detection on the system and over the network, as well as their techniques for concealing malicious code and activities.…
Threat Actor: Unknown
Victim: QuoteWizard.com and LendingTree
Price: $2,000,000
Exfiltrated Data Type: Personal information, partial credit card details, auto history and driving records, personal background information, tracking pixel data
Additional Information:
The data allegedly includes full customer details such as names, addresses, emails, phone numbers, and other personal information.…
Threat Actor: ShinyHunters
Victim: Ticketmaster
Price: $500,000
Exfiltrated Data Type: Names, emails, addresses, phone numbers, ticket sales, and order details
Additional Information:
ShinyHunters, the current administrator of BreachForums, claimed the hack of Ticketmaster and offered for sale 1.3 TB of data, including full details of 560 million customers, for $500,000.…
Summary: Managed Service Partners (MSPs) highlight cybersecurity as their top concern in staying competitive in the market, with challenges including staying on top of security technologies, employing more security analysts, and maintaining awareness of the latest threats.
Threat Actor: N/A
Victim: N/A
Key Point:
MSPs consider cybersecurity as their main concern for staying competitive in the market.…
Summary: A threat actor known as “phant0m” is promoting a new Ransomware-as-a-Service (RaaS) called “SpiderX,” which is designed to be more advanced and harder to detect than its predecessor, Diablo ransomware.
Threat Actor: phant0m
Victim: N/A
Key Point:
A threat actor named phant0m is advertising a new Ransomware-as-a-Service (RaaS) called SpiderX on the dark web forum OnniForums.…
Key Points
The cyber threat landscape has seen a significant increase in information-stealing (infostealer) malware activity, with a 30.5% rise in marketplace listings for “stealer logs” from Q3 to Q4 of 2023. This malware type has evolved to encompass more sophisticated tools that aim to harvest sensitive information such as usernames, passwords, and credit card details.…
This time, we’re not revealing a new cyber threat investigation or analysis, but I want to share some insights about the team behind all Sekoia Threat Intelligence and Detection Engineering reports. Let me introduce you to the Sekoia TDR team.
TL;DR
Sekoia Threat Detection & Research (TDR) is a multidisciplinary team dedicated to Cyber Threat Intelligence and Detection Engineering for the Sekoia SOC Platform.…