A colossal wave of stolen personal identifiable information (PII) from Thailand has crashed onto the shores of the dark web, marking a disturbing escalation in cybercriminal activities. This massive leak, unprecedented in its scale and audacity, has exposed the personal data of millions, casting a long shadow over the digital safety and privacy of Thai citizens.…
Tag: DARK WEB
WereWolves Ransomware is a Russian-speaking group that appeared in the cybercrime landscape last year and has quickly gained notoriety. We are going to explore their modus operandi and their growing list of victims, which currently stands at 23.
WereWolves’ leak website’s main page
Who is WereWolves Ransomware?…
One hacker collective continues to confound federal law enforcement and cybersecurity experts: Scattered Spider. Known by a multitude of aliases such as Muddled Libra, UNC3944, Starfraud, and Octo Tempest, this hacking group has not only infiltrated major corporate networks like MGM Resorts and Caesars Entertainment but has done so with a bold audacity that leaves many wondering.…
Jason Reaves, published in Walmart Global Tech Blog, Jan 16, 2024
By: Joshua Platt, Jonathan McCay and Jason Reaves
Keyhole is a multi-functional VNC/Backconnect component used extensively by IcedID/Anubis. Its basic VNC and HDESK capabilities have been reported on before, but little technical information exists about some of the expanded functionality now present in the malware.…
Affected Platforms: Microsoft Windows
Impacted Users: Microsoft Windows
Impact: The information collected can be used for future attacks
Severity Level: High
FortiGuard Labs recently discovered a threat group using YouTube channels to distribute a Lumma Stealer variant. We found and reported on a similar attack method via YouTube in March 2023.…
As the world adorned its festive attire, the cybercriminal community in the shadowy realms of the Dark Web orchestrated their chilling celebration – “Leaksmas.” This event, coinciding with the Christmas season, unfolded as a sinister display of data sharing among hackers, as observed by Resecurity.
The “Free Leaksmas” tag, a twisted token of gratitude, marked the substantial data dumps resulting from breaches and intrusions across a diverse range of companies and government agencies.…
Resecurity has uncovered a cybercriminal group known as “GXC Team”, which specializes in crafting tools for online banking theft, ecommerce fraud, and internet scams. Around November 11th, 2023, the group’s leader, operating under the alias “googleXcoder”, made multiple announcements on the Dark Web.…
On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants.…
A new plant has grown in the desert of cyber threats, wielding its thorns to pierce through organizations and individuals alike. The Cactus Ransomware Group, a name recently whispered with curiosity across the cybersecurity realm, has emerged from the shadows, sowing seeds of chaos and disruption in its wake.…
On Christmas Eve, Resecurity’s HUNTER (HUMINT) team spotted that the author of the Meduza password stealer had released a new version (2.2). The product has already generated significant interest on the Dark Web since its initial release in June this year. Key improvements include support for more software clients (including browser-based cryptocurrency wallets), an upgraded credit card (CC) grabber, and additional mechanisms for dumping password storage on various platforms to extract credentials and tokens.…
In 2023, the payment fraud underground showed signs of recovery following Russian law enforcement's crackdown on domestic cybercriminals and the Russian invasion of Ukraine in 2022. The dark web carding shops saw a rebound in the volume of stolen payment cards, with 119 million cards posted for sale online.…
AhnLab Security Emergency response Center (ASEC) analyzes attack campaigns against poorly managed Linux SSH servers and shares the results on the ASEC Blog. Before installing malware such as a DDoS bot or CoinMiner, the threat actors need to obtain information on the attack target, namely its IP address and SSH account credentials.…
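The campaigns described above hinge on scanning for exposed SSH servers and guessing account credentials, and the cheapest place to spot that on a victim host is the sshd authentication log. The following is an added example (not ASEC's code, and the log lines are constructed for illustration, with documentation IP ranges) that parses syslog-style sshd entries, flags source IPs that exceed a failure threshold, and separately reports password logins that succeeded only after earlier failures from the same source, which is the moment a dictionary attack turns into initial access:

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/auth.log-style sshd lines (not real data).
# 203.0.113.10 runs a dictionary attack and finally guesses root's password;
# 198.51.100.7 is a legitimate user who mistyped once, then used a key.
SAMPLE_AUTH_LOG = """\
Jan 16 10:01:02 host sshd[1201]: Failed password for root from 203.0.113.10 port 51022 ssh2
Jan 16 10:01:03 host sshd[1201]: Failed password for root from 203.0.113.10 port 51023 ssh2
Jan 16 10:01:04 host sshd[1203]: Failed password for invalid user admin from 203.0.113.10 port 51024 ssh2
Jan 16 10:01:05 host sshd[1204]: Failed password for invalid user test from 203.0.113.10 port 51025 ssh2
Jan 16 10:01:06 host sshd[1205]: Failed password for invalid user oracle from 203.0.113.10 port 51026 ssh2
Jan 16 10:01:09 host sshd[1206]: Accepted password for root from 203.0.113.10 port 51027 ssh2
Jan 16 10:02:11 host sshd[1300]: Failed password for alice from 198.51.100.7 port 40010 ssh2
Jan 16 10:02:30 host sshd[1301]: Accepted publickey for alice from 198.51.100.7 port 40011 ssh2
"""

# sshd writes "invalid user" when the account does not exist; capture the
# name either way so we can see which usernames the attacker is guessing.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def analyze_auth_log(text, threshold=5):
    """Return brute-force sources and password logins that followed failures.

    threshold: number of failed password attempts from one IP before it is
    reported as a brute-force source (an assumed, tunable value).
    Lines are processed in order so a success is only tied to failures that
    precede it.
    """
    failed = defaultdict(list)          # ip -> usernames tried so far
    logins_after_failures = []          # password successes preceded by failures

    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failed[m["ip"]].append(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        # Key-based logins are ignored: a guessed password is the signal here.
        if m and m["method"] == "password" and failed.get(m["ip"]):
            logins_after_failures.append({
                "ip": m["ip"],
                "user": m["user"],
                "prior_failures": len(failed[m["ip"]]),
            })

    bruteforce_sources = [
        {
            "ip": ip,
            "failed_attempts": len(users),
            "distinct_users": sorted(set(users)),
        }
        for ip, users in failed.items()
        if len(users) >= threshold
    ]
    bruteforce_sources.sort(key=lambda f: f["failed_attempts"], reverse=True)

    return {
        "bruteforce_sources": bruteforce_sources,
        "password_logins_after_failures": logins_after_failures,
    }


if __name__ == "__main__":
    report = analyze_auth_log(SAMPLE_AUTH_LOG)
    for src in report["bruteforce_sources"]:
        print(f"brute-force source {src['ip']}: {src['failed_attempts']} failures, "
              f"users tried: {', '.join(src['distinct_users'])}")
    for login in report["password_logins_after_failures"]:
        print(f"ALERT: password login for {login['user']} from {login['ip']} "
              f"after {login['prior_failures']} failed attempts")
```

On a real host, feed it `open("/var/log/auth.log").read()` (or `journalctl -u ssh -o short` output, which uses the same message text). The "password login after failures" list is the higher-value alert: a noisy scanner that never gets in is background radiation on any Internet-facing SSH port, whereas a success from the same source is the start of the DDoS bot or CoinMiner installation the article describes.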
Earlier this year, we reported on a new variant of SystemBC called DroxiDat that was deployed against a critical infrastructure target in South Africa. This proxy-capable backdoor was deployed alongside Cobalt Strike beacons.…
Information Stealers are a pervasive threat and are capable of providing threat actors with a rich source of sensitive data.
Recently, we came across this tweet that the Serpent Stealer is on sale on the dark web. A .NET based malware, it can not only harvest sensitive information from the most popular browsers and applications but also exfiltrate the stolen passwords. …
Author: Alex Jessop (@ThisIsFineChief)
Summary / TL;DR
This post will delve into a recent incident response engagement handled by NCC Group’s Cyber Incident Response Team (CIRT) involving the Ransomware-as-a-Service known as NoEscape.
Below is a summary of the findings presented in this blog post:
- Initial access gained via a publicly disclosed vulnerability in an externally facing server
- Use of vulnerable drivers to disable security controls
- Remote Desktop Protocol used for lateral movement
- Access persisted through tunnelling RDP over SSH
- Exfiltration of data via Mega
- Execution of ransomware via scheduled task

NoEscape
NoEscape is a new financially motivated ransomware group delivering a Ransomware-as-a-Service program which was first observed in May 2023 being advertised on a dark web forum, as published by Cyble [1].…
Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including new ransomware actors such as the emergent group INC Ransom. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.…
The Malware-as-a-Service (MaaS) model, with its readily available offerings, remains the preferred method for emerging threat actors to carry out complex and lucrative cyberattacks. Information theft is a significant focus within MaaS, specializing in the acquisition and exfiltration of sensitive information from compromised devices, including login credentials, credit card details, and other valuable data.…
SentinelOne is currently monitoring increased exploitation of CVE-2023-22518, a recently identified vulnerability in Atlassian’s Confluence Data Center and Server software. We have observed multiple campaigns leveraging the bug to deploy new C3RB3R (Cerber) ransomware variants targeting both Windows and Linux hosts.
In this post, we detail the attack chain observed in these incidents and provide recent indicators to help responders and threat hunters identify and mitigate similar attacks in these ongoing campaigns.…
Resecurity has identified an alarming rise in ransomware operators targeting the energy sector, including nuclear facilities and related research entities. Over the last year, ransomware attackers have targeted energy installations in North America, Asia, and the European Union. In the EU, Handelsblatt reported that ransomware attacks targeting the energy sector more than doubled in 2022 over the previous year, with defenders recording 21 attacks through the past October.…