Tag: lockbit

Cloud ransomware attacks are evolving, primarily targeting storage services like Amazon S3 and Azure Blob Storage. Attackers exploit misconfigurations or use stolen credentials to access and encrypt data. Cloud service providers have implemented security measures, such as AWS's 7-day key deletion w…

An open directory exposed a Chinese-speaking threat actor's toolkit and operational history. The actor conducted extensive scanning and exploitation targeting organizations in South Korea, China, Thailand, Taiwan, and Iran using tools like WebLogicScan, Vulmap, and Xray. The Viper C2 framework and …

The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …

A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).

The United States has experienced a significant increase in cyber attacks from June to October 2024, with over 800 organizations affected by ransomware across various sectors. Play, RansomHub, Lockbit, Qilin, and Meow have emerged as the most active ransomware groups. Notable incidents include the …

The report examines the BlackJack hacktivist group targeting Russian organizations, focusing on their tools, techniques, and connections to the Twelve group. BlackJack employs freely available software like the Shamoon wiper and LockBit ransomware. Significant overlaps with Twelve include similar m…

Head Mare is a hacktivist group targeting companies in Russia and Belarus since 2023. They use phishing campaigns exploiting the CVE-2023-38831 vulnerability in WinRAR for initial access. Their toolkit includes custom malware like PhantomDL and PhantomCore, as well as publicly available tools like …

This analysis examines the emergence of DeathGrip, a Ransomware-as-a-Service (RaaS) operation that provides threat actors with easy access to sophisticated ransomware builders like LockBit 3.0 and Yashma/Chaos. The accessibility of these tools enables even those with minimal technical skills to lau…

SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized Loc…

While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with LockBit accounting for over 20%. The report explores the changing tactics employed by ransomware actors, including the exploitation of vulnerabilities, the use of Bring-Your…

Researchers have uncovered a cryptographic flaw in the DoNex ransomware and its previous iterations, allowing for the creation of a decryptor tool. Initially discovered in March 2024, this cryptographic weakness was made public at Recon 2024. The ransomware, which has undergone several rebrands sin…

Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique its use of a PowerShell script to bypass Antimalware Scan Interface (AMSI) and abuse of fully undetectable (FUD) obfuscator packers. A new varian…

SentinelOne is the world's leading provider of self-defence and cybersecurity, with a platform powered by artificial intelligence and the power of the Singularity XDR, which aims to protect and respond to cyber attacks at scale.

In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executa…