Tag: CTI

  • ALPHV Ransomware: A Closer Look into the Russian Ransomware Group

    In recent years, the Russian-based ALPHV ransomware group, also known as BlackCat, Noberus, Gold Blazer, and Alpha Spider, has emerged as a formidable cyber threat, targeting organizations worldwide and operating with a ransomware-as-a-service (RaaS) business model. With their advanced tactics and persistent attacks, ALPHV has become a significant player in the ransomware landscape targeting over… Read more

  • Cactus Ransomware Group: An Emerging Threat in 2023

    In today’s ever-evolving cybersecurity landscape, staying ahead of emerging threats is crucial. One threat that has recently taken the stage is the Cactus Ransomware Group. This clandestine organization has captured the attention of cybersecurity professionals worldwide, causing significant concern. In this blog post, we aim to explore the inner workings, tactics, and effective mitigation strategies… Read more

  • Vice Society: One of the Most Impactful Ransomware Gangs of 2022

    Vice Society (also known as Vice Spider, DEV-0832, and Vanilla Tempest) is identified as a Russian-based group specializing in intrusion, exfiltration, and extortion. Operating since the summer of 2021, Vice Society sets itself apart from other ransomware groups by deviating from the typical ransomware-as-a-service (RaaS) model. Instead of developing their own custom ransomware payload, they… Read more

  • BlackByte Ransomware Returns: Introducing the New Technology (NT) Variant

    Emerging around July 2021, BlackByte is a fully featured Ransomware-as-a-Service (RaaS) group that infiltrates organizations and demands hefty ransoms. They employ a strategy known as double extortion, stealing files from the targeted organization and publicly leaking them if the ransom goes unpaid. BlackByte is known for continuously updating and distributing homonymous malware in various versions.… Read more

  • Lemon Group’s Cybercrime Enterprise Leverages Millions of Pre-Infected Android Phones

    The Lemon Group, a large cybercrime enterprise, has installed “Guerilla” malware on approximately 9 million Android-based devices, including smartphones, watches, TVs, and TV boxes.   Techniques such as reflashing and silent installation have become prevalent in the past decade. Reflashing involves reprogramming or replacing the firmware of a device, allowing for modifications, firmware updates, or the… Read more

  • UNC3944 Exploits Azure Serial Console for Complete VM Takeover

    A threat group known as UNC3944 (also known as Roasted 0ktapus and Scattered Spider) has been observed hijacking Microsoft Azure admin accounts through phishing and SIM-swapping attacks. The financially motivated group bypasses traditional detection methods within Azure and gains full administrative access to compromised virtual machines (VMs) within victim organizations using Microsoft’s cloud computing service.… Read more

  • Babuk Ransomware-as-a-Service (RaaS) Gaining Popularity

    In early 2021, the Babuk ransomware operation emerged, targeting businesses through double-extortion attacks. Multiple large enterprises were attacked, with one victim having to pay $85,000 after negotiations. However, the group faced a setback when their ransomware source code and various encryptors and decryptors were leaked on a Russian-speaking hacking forum in September 2021. Their activities… Read more

  • New “Greatness” Phishing-as-a-Service Tool Already Active in Phishing Campaigns

    A new phishing tool called “Greatness” has been discovered and deployed in various phishing campaigns since mid-2022. Security researchers identified several features commonly found in advanced phishing-as-a-service (PaaS) offerings like multi-factor authentication (MFA) bypass, IP filtering, and integration with Telegram bots. Greatness specifically targets victims through Microsoft 365 phishing pages and provides affiliates with an… Read more

  • Sophisticated Techniques Implemented by ViperSoftX InfoStealer to Evade Detection

    A widespread cryptocurrency- and information-stealing malware called ViperSoftX has affected numerous victims across consumer and enterprise sectors throughout Australia, Japan, the U.S., and India. ViperSoftX is a JavaScript-based Remote Access Trojan (RAT) that allows remote access and control over infected machines. This evasive malware has recently adopted advanced encryption and anti-analysis techniques to avoid detection.… Read more

  • Akira Ransomware: Targeted Attacks, Data Breaches, and Million-Dollar Ransoms

    A new ransomware strain named Akira has emerged, causing significant disruption to corporate networks worldwide. It targets industries such as finance, real estate, and manufacturing. Akira has quickly gained notoriety since its launch in March 2023. Upon execution, Akira deletes Windows Shadow Volume Copies, making file restoration challenging. It selectively encrypts files using various extensions,… Read more