Today > vulnerabilities   -   You can now download lists of IOCs here!

Tag: extortion

7 attack reports | 0 vulnerabilities

Attack reports

Threat Assessment: Distributors of BlackSuit Ransomware

Ignoble Scorpius, previously known as Royal ransomware, has rebranded as BlackSuit ransomware and increased its activity since March 2024. The group has targeted at least 93 victims globally, with a focus on the construction and manufacturing industries. Their initial ransom demands average 1.6% of…

ransomware
extortion
cobalt strike
credential theft
gootloader
lateral movement
mimikatz
data exfiltration
blacksuit
systembc
supply chain attack
2024-11-20
nanodump
Published: November 20, 2024

Downloadable IOCs 2

EDR Bypass Testing Reveals Extortion Actor's Toolkit

Unit 42 investigated an extortion attempt where threat actors tested an AV/EDR bypass tool on rogue systems with Cortex XDR installed. The actors purchased network access via Atera RMM and used a BYOVD technique for the bypass tool. Researchers gained visibility into the actors' systems, uncovering…

extortion
cobalt strike
rclone
mimikatz
conti
sharphound
rubeus
byovd
2024-11-02
cortex xdr
safetykatz
cybercrime forums
threat actor profiling
av/edr bypass
Published: November 2, 2024

Downloadable IOCs 0

Rhysida Ransomware: Multi-Tiered Infrastructure and Early Detection Analysis

Insikt Group unveiled Rhysida's complex infrastructure, comprising typo-squatted domains for SEO poisoning, payload servers, CleanUpLoader C2 infrastructure, and higher-tier components including an admin panel and Zabbix monitoring server. This multi-tiered setup enables early victim identification…

backdoor
ransomware
seo poisoning
extortion
multi-tiered
infrastructure
2024-10-10
rhysida
chrgetpdsi
portstarter
cleanuploader
early detection
Published: October 10, 2024

Downloadable IOCs 106

Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware

Repellent Scorpius is a new ransomware-as-a-service group distributing Cicada3301 ransomware. It emerged in May 2024 and employs double extortion tactics involving data theft. The report covers a technical analysis of the Cicada3301 ransomware, the group's tactics, connections to historical inciden…

ransomware
extortion
exfiltration
encryption
cybercrime
2024-09-11
cicada3301
Published: September 11, 2024

Downloadable IOCs 8

Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments

Unit 42 researchers uncovered an extortion campaign that compromised and extorted multiple victim organizations by leveraging exposed environment variable files containing sensitive credentials. The campaign involved setting up attack infrastructure within victims' Amazon Web Services (AWS) environ…

extortion
cloud
credentials
aws
2024-08-16
scanning
automation
compromised
Published: August 16, 2024

Downloadable IOCs 37

BianLian Ransomware Group: 2024 Activity Analysis

The intelligence report delves into the evolving tactics and operations of the BianLian ransomware group, which has emerged as one of the top three most active ransomware groups. It details the group's shift from encryption tactics to a steal-and-extort model after a decryptor was released. The ana…

ransomware
extortion
cybercrime
bianlian
2024-07-12
data breach
Published: July 12, 2024

Downloadable IOCs 8

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion

An extensive cybercriminal campaign led by a threat actor codenamed UNC5537 has compromised numerous Snowflake customer database instances with the intent of data theft and extortion. The threat actor exploited stolen customer credentials, predominantly obtained through infostealer malware infectio…

data theft
extortion
2024-06-12
snowflake
unc5537
Published: June 12, 2024

Downloadable IOCs 48

» Click here to see all Attack Reports «