New blog from my friends at Group-IB: 🚨 #ShadowSilk APT targets gov entities in Central Asia & #APAC. Linked to #YoroTrooper through infra/toolset overlaps. Uses custom scripts, JRAT/MORF panels & #Telegram bots for C2. #APT
https://t.co/jrqnCM7rR3
Global ransomware #RansomNote : d908e7194f9b98e9e0da0cfeade01dcc31959709e33073efd45c2c26000ce9a4
Name of ransom note: "README_Global.txt"
Victim login page:
gdbkvfe6g3whrzkdlbytksygk45zwgmnzh5i2xmqyo3mrpipysjagqyd[.]onion/chat/id
New Qilin playbook: “no pay, we snitch.” Group says it will report victim orgs to IRS/regulators/FBI and funnel breached data to fraud rings. Extortion goes regulatory. #ransomware#Qilin#ThreatIntel
Group-IB’s Threat Intelligence team has investigated the work of the #Lynx#Ransomware group, unveiling multi-architecture builds (Windows, Linux, ESXi). Their affiliate panel centralizes attack orchestration and data-leak scheduling. #RaaS#CyberSecurity
Group-IB’s Threat Intelligence team has uncovered the #Cicada3301 ransomware group, leveraging multi-platform ransomware in Rust targeting Windows, Linux, ESXi, and PowerPC systems. #Ransomware
#RansomHub, like many other groups, uses a #VIP subscription model to elevate #cybercrime. Their top-tier affiliates gain exclusive access to advanced tools, boosting the effectiveness of their attacks.
Group-IB’s Threat Intelligence & DFIR teams have uncovered the #DragonForce ransomware group leveraging #LockBit 3.0 & customized Contiv3 forks with advanced features. #Ransomware
Group-IB TI & DRP teams have uncovered a new fake #investmentscam campaign targeting #Facebook & Instagram users in Türkiye. The threat actor(s) are advertising fraudulent investment pages mimicking the brands of at least 6 companies in the country since the first week of August.
Mobile Device Management (MDM) systems are vital for managing company-issued devices, but compromised credentials can pose severe risks. We uncovered over 1,500 stolen login pairs from #MDM services on the #darkweb.
Thanks to #ESET for an in-depth overview of activity in the first half of 2024. In our research, we found that impersonations of Ethiopian, South African, Peruvian and Mexican applications are related to #Gigabud.
Check out ESET’s post for more details: https://t.co/50YJdE9qkC
In March 2024, #Eldorado launched an affiliate program on the #RAMP forum, seeking pentesters. Group-IB Threat Intelligence analysts jumped into it to find more information about their work.
Group-IB TI team discovered a new #phishing campaign dubbed #Evnil targeting O365 corporate users via #HTMLphishing email attachments. The attachment displays the entire phishing page without contacting malicious infrastructure, making it stealthy and hard to detect.
Not your everyday legitimate app. Group-IB’s High-Tech Crime Investigations team’s initial analysis of a #scam scheme involving #fakeapps in Singapore brought out crucial details on the threat actor - EVLF, and #CraxsRat used for exploitation. Read More: https://t.co/G5U2SEeuB1
Discover the latest on #Boolka, a #cyberthreat actor responsible for spreading #malware and stealing data through #webattacks. Learn about Boolka's methods and how we're fighting back. #InfoSec#CyberSecurity
Read More : https://t.co/V7wV7HnkmR
From late 2023 to early 2024, #SharpPanda has continued to target government entities in the Southeast Asia. Group-IB researchers have spotted several initial infection vectors (documents/executables) similar to previous Sharp Panda operations. These malicious files deliver the notable 5.t #downloader.