Summary: The clearnet domain of the BreachForums data leak and hacking forum has been taken down by rival threat actors, who have announced a breach of user data and threatened to leak user details. The TOR version of the site remains operational.

Threat Actor: R00TK1T

Victim: BreachForums

Key Point:

Rival threat actor group R00TK1T, along with the pro-Russian gang Cyber Army of Russia, has taken down the clearnet domain of the BreachForums data leak and hacking forum.…

Key findings: The group is targeting various countries around the world in addition to its priority region of Latin America. It uses long chains that incorporate a variety of tools and malware: AgentTesla, FormBook, Remcos, LokiBot, Guloader, SnakeKeylogger, XWorm, and others. The group uses compromised legitimate FTP servers for C2, and SMTP servers for C2 and phishing.…

Written by: Gabby Roncone, Dan Black, John Wolfram, Tyler McLellan, Nick Simonian, Ryan Hall, Anton Prokopenkov, Luke Jenkins, Dan Perez, Lexie Aytes, Alden Wahlstrom


With Russia’s full-scale invasion in its third year, Sandworm (aka FROZENBARENTS) remains a formidable threat to Ukraine. The group’s operations in support of Moscow’s war aims have proven tactically and operationally adaptable, and as of today appear to be better integrated with the activities of Russia’s conventional forces than in any previous phase of the conflict.…

Summary: The Institute for Security and Technology’s Ransomware Task Force (RTF) rejects the idea of a ransom payment ban, citing concerns about reporting, driving payments underground, and critical infrastructure exemptions. Instead, the RTF proposes 16 milestones to effectively reduce ransomware payments.

Threat Actor: N/A

Victim: N/A

Key Point:

Concerns about a ransom payment ban include its impact on reporting by victims, the potential to drive payments underground, and the unintended consequences of critical infrastructure exemptions.…

The Trellix Advanced Research Center has recently observed an uptick of LockBit-related cyber activity surrounding vulnerabilities in ScreenConnect. This surge suggests that despite law enforcement’s (LE) “Operation Cronos”, aimed at dismantling LockBit’s infrastructure, the ransomware operators somehow managed to survive and stay afloat. It appears that the cybercriminal group behind LockBit ransomware partially restored its infrastructure and created the impression that the LE actions did not affect its normal operation.…

Summary: The World Cybercrime Index reveals that Russia is the top hub for digital threat actors and the most significant source of global cybercrime, followed by Ukraine, China, the United States, Nigeria, and Romania.

Threat Actor: Russia, Ukraine, China, United States, Nigeria, Romania

Victim: N/A

Key Point:

Russia is the most significant source of global cybercrime and serves as the top hub for digital threat actors worldwide.…

Summary: This article discusses a recent attack campaign where cybercriminals manipulated GitHub’s search functionality to distribute malware through meticulously crafted repositories.

Threat Actor: Cybercriminals

Victim: GitHub users

Key Points:

– Attackers create malicious repositories with popular names and topics, using techniques like automated updates and fake stars to boost search rankings and deceive users.…

Summary: A previously unknown ransomware gang called Muliaka (or Muddy Water) has been targeting Russian businesses with malware based on the leaked source code from the Conti hacking group.

Threat Actor: Muliaka

Victim: Unnamed Russian business

Key Point:

The Muliaka ransomware gang has been active since at least December 2023 and has been using malware based on the leaked source code from the Conti hacking group.…

Threat actors have been abusing App Installer, a Windows 10 feature that makes installing applications more convenient. The abuse could lead to ransomware distribution and was likely carried out by financially motivated actors Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674. These malicious actors imitated the landing pages of popular software, such as Zoom, Microsoft OneDrive, Microsoft SharePoint, and Microsoft Teams, to lure target victims into downloading malicious installers.…

Key Points:

– The state-linked intrusion on Microsoft Exchange Online led to the theft of about 60,000 U.S. State Department emails last summer and was preventable.
– Microsoft’s corporate culture deprioritized investments in enterprise security and rigorous risk management.
– The Cyber Safety Review Board urged Microsoft to make security-focused reforms and recommended changes for all cloud services providers and government partners.…

Threat Actor: Server Killers Group

Victim: North Macedonian Government

Key Points:

🌟 Server Killers group initiated a series of cyber attacks targeting North Macedonia.
🌟 They executed Distributed Denial of Service (DDoS) assaults on critical government websites.
🌟 The official portals of the North Macedonian government and parliament were targeted.…
Introduction

In the first quarter of 2024, specialists from Positive Technologies Expert Security Center (PT ESC) detected a series of attacks targeting government organizations in Russia, Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. We could not find any links to known groups that used the same techniques. The main goal of the attack was stealing credentials for various services from computers used by public servants.…

Threat Actor: Server Killers

Victim: North Macedonia

Key Points:

🌟 Server Killers is a notorious hacking group.
🌟 They have announced their involvement in a coordinated offensive against North Macedonia.
🌟 Their decision is based on North Macedonia’s perceived complicity in aiding Ukraine and imposing sanctions on Russia.…