The ALPHV ransomware group, also known as BlackCat, has emerged as a significant threat by operating under a Ransomware-as-a-Service model. They caused a major healthcare
Search Results for: alphv
In October 2023, we observed an intrusion that began with a spam campaign, distributing a forked IcedID loader. The threat actor used Impacket’s wmiexec and
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-353A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the ALPHV BlackCat Ransomware-as-a-Service (RaaS) identified through FBI investigations as recently as December 6, 2023.
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access | Mandiant
Mandiant has observed a new ALPHV (aka BlackCat ransomware) ransomware affiliate, tracked as UNC4466, target publicly exposed Veritas Backup Exec installations, vulnerable to CVE-2021-27876, CVE-2021-27877 and CVE-2021-27878, for initial access to victim environments. A commercial Internet scanning service identified over 8,500 installations of Veritas Backup Exec instances that are currently exposed…

Scattered Spider is a financially motivated cybercriminal group targeting large enterprises using sophisticated social engineering and malware including ransomware like ALPHV/BlackCat and DragonForce. AttackIQ provides detailed emulation content and assessment templates to help organizations evaluate and improve their security posture against this persistent threat. #ScatteredSpider #ALPHVBlackCat #DragonForce…

Impacket is a powerful penetration testing toolkit widely abused by various APT groups and ransomware actors for remote command execution and lateral movement. This article focuses on three key Impacket tools—WmiExec, SmbExec, and PsExec—detailing their execution methods and detection strategies. #Impacket #WmiExec #SmbExec #PsExec #APT28 #APT29 #MustangPanda #ALPHV #Rhysida

UNC3944 is a financially-motivated threat actor targeting various sectors with tactics including social engineering, ransomware, and data theft. Their operations have broadened since 2023, affecting

ESET researchers examine the ransomware landscape in 2024, highlighting the emergence of RansomHub, a prominent ransomware-as-a-service (RaaS) group linked to established gangs like Play, Medusa,

The finance industry is facing an increasing number of cyberattacks, with significant recent incidents exposing vast amounts of sensitive data. Notable breaches have involved major

As we enter 2025, the ransomware landscape remains dominated by financially motivated attacks, despite some groups shifting towards non-financial objectives. Law enforcement actions have disrupted

The last quarter of 2024 saw an unprecedented surge in ransomware activity, with significant growth in the number of active groups and notable incidents involving

Darktrace’s investigation into RansomHub attacks revealed connections to the ShadowSyndicate threat group, which has been active since July 2022. ShadowSyndicate has adopted RansomHub’s ransomware services,