Cl0p Ransomware Victim Count Continues to Climb at an Alarming Rate
In 2019, Cl0p Ransomware surfaced as a Ransomware-as-a-Service (RaaS) model and became notorious due to its advanced techniques. Its main target was larger organizations with an annual income of USD 5 million or higher. The Threat Actors (TAs) infiltrate the targeted systems and encrypt the files, demanding a ransom to be paid in exchange for the decryption key.…
A new Infostealer called “LummaC2” is being distributed disguised as illegal programs such as cracks and keygens.
Other malware such as CryptBot, RedLine, Vidar, and RecordBreaker (Raccoon V2) are distributed in a similar manner and have been covered here on ASEC Blog.
It appears that the LummaC2 Stealer has been available for purchase on the dark web since the beginning of this year, and since March, it has been distributed by a threat group disguised as a crack.…
Research by Shilpesh Trivedi and Pratik Jeware
Uptycs has already identified three Windows-based malware families that use Telegram this year, including Titan Stealer, Parallax RAT, and HookSpoofer. Attackers are increasingly turning to it, particularly for stealer command and control (C2).
And now the Uptycs threat research team has discovered a macOS stealer that also controls its operations over Telegram.…
This post is also available in: 日本語 (Japanese)
Executive SummaryTrigona ransomware is a relatively new strain that security researchers first discovered in late October 2022. By analyzing Trigona ransomware binaries and ransom notes obtained from VirusTotal, as well as information from Unit 42 incident response, we determined that Trigona was very active during December 2022, with at least 15 potential victims being compromised.…
On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants.…
On 16th Feb 2023, PSIRT released a security advisory for a critical vulnerability affecting multiple versions of FortiNAC, a product of Fortinet.
FortiNAC is a network access control solution aimed to provide visibility, control, and automated response to enterprise network that contains Information Technology (IT), Operational Technology (OT), and Internet of Things (IoT) devices.…
In January 2023, through our Dark Web monitoring routine, Sekoia.io identified a new information stealer advertised as Stealc by its alleged developer, going by the handle Plymouth. The threat actor presents Stealc as a fully featured and ready-to-use stealer, whose development relied on Vidar, Raccoon, Mars and Redline stealers.…
By Aleksandar Milenkoski and Tom Hegel
Executive Summary SentinelLabs observed a cluster of virtualized .NET malware loaders distributed through malvertising attacks. The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for terminating processes. MalVirt loaders are currently distributing malware of the Formbook family as part of an ongoing campaign.…It will take some time before all of us are able to forget about the Southwest flight debacle of 2022. As one of the world’s leading carriers, they boasted one of the lowest consumer complaint rates in 2021.1 Of course, that ranking may well change after hundreds of thousands of passengers were left stranded over the holidays when more than 16,700 Southwest flights were canceled.…
Resecurity® has identified a relatively new ransomware family called “Nevada Ransomware”. The actors behind this new project have an affiliate platform first introduced on the RAMP underground community, which is known for initial access brokers (IABs) and other cybercriminal actors and ransomware groups. On February 1st (2023), the operators behind the project updated and significantly improved the functionality of the locker for Windows and Linux/ESXi, and distributed new builds for their affiliates which have been analyzed by our malware intelligence team.…
Written by Jon DiMaggio.
Table of Contents
I gotta story to tell…
The LockBit ransomware gang is one of the most notorious organized cybercrime syndicates that exists today. The gang is behind attacks targeting private-sector corporations and other high-profile industries worldwide. News and media outlets have documented many LockBit attacks, while security vendors offer technical assessments explaining how each occurred.…
On January 12, 2023, the Liquor Control Board of Ontario (LCBO) published a news release about a cybersecurity incident, affecting online sales through LCBO.com. It is one of the largest retailers and wholesalers of beverage alcohol in the world.
Web skimmerThe cybersecurity incident was a web skimmer, which is designed to retrieve customer payment information.…
Major drug markets in the Dark Web are now worth around $315 million annually
The Resecurity® Hunter unit performed an extensive analysis of current trends and dynamics related to the underground economy around active DNMs leveraging technical means and human intelligence (HUMINT) sources. Some results of this research (Drug Trafficking in the Dark Web – Status Report – 2022/2023) arranged by our team are provided within this blog post and are aimed to provide awareness for international law enforcement, cybercrime investigators and intelligence professionals. Some…
During a threat-hunting exercise, Cyble Research and Intelligence Labs (CRIL) discovered a post on the cybercrime forum about an information stealer targeting both Chromium and Mozilla-based browsers. This stealer was named LummaC2 Stealer, which targets crypto wallets, extensions, and two-factor authentication (2FA) and steals sensitive information from the victim’s machine.…
During a routine threat-hunting exercise, Cyble Research and Intelligence Labs (CRIL) came across a tweet about PureLogs information stealer by TG Soft. This tool is used by the Threat Actor (TA) “Alibaba2044” to launch a malicious spam campaign at targets based in Italy on the 14th of December 2022.…
Published On : 2022-12-15
Executive SummaryCYFIRMA Research Team has been tracking three campaigns – Evian, UNC064, and Siberian bear – that are potentially operated by Russian-speaking threat groups on behalf of their Russian Masters.
CYFIRMA Research Team has uncovered a comprehensive threat story originating from similarities between the three campaigns based on the target industries, geographies, methods used, motivation, campaign infrastructure indicators, and hacker conversations.…
Redline Stealer is one of the most popular stealers being sold and used by cybercriminals. The command and control (C2) panel does not require an attacker to log in via the Web UI; everything can be managed via the Redline client on the attacker’s virtual private server (VPS).…
On December 1, 2022, CISA and FBI released a joint Cybersecurity Advisory (CSA) on Cuba ransomware [1]. Security researchers have track downed a new variant of the Cuba ransomware as Tropical Scorpius. This Cuba ransomware group mainly targets manufacturing, professional and legal services, financial services, construction, high technology, and healthcare sectors [2].…
Published On : 2022-09-25
Erbium Stealer Malware Report Executive SummaryThe Erbium malware is an information-stealer/ info stealer, which is distributed as Malware-as- a-Service (MaaS). CYFIRMA research team observed this malware binary in Aug-2022 while carrying out threat hunting activities. The team has also observed the stealer malware being advertised on Russian-speaking hacker forums.…
There’s a common saying in cyber security, “you can’t protect what you don’t know,” and this applies perfectly to the attack surface of any given organization.
Many organizations have hidden risks throughout their extended IT and security infrastructure. Whether the risk is introduced by organic cloud growth, adoption of IoT devices, or through mergers and acquisitions, the hidden risk lies dormant.…