Summary: Cheap ransomware is being sold on dark web forums, allowing inexperienced individuals to enter the world of cybercrime without the need for affiliates, posing a challenge for defenders. Threat Actor: Inexperienced freelancers selling cheap ransomware on dark web forums. Victim: Small compan…
Tag: DARK WEB
Akira ransomware has evolved into a notable double-extortion threat impacting hundreds of organizations and critical infrastructure since its 2023 emergence, with a distinctive leak-site presence. CISA reports over 250 impacted entities and about $42 million i…
Summary: This article discusses the surge in cyberattacks using the leaked LockBit code, targeting various victims globally. It also explores the rise of new ransomware groups that are using modified versions of the leaked LockBit code. Threat Actor: LockBit and various ransomware groups using the l…
Summary: The U.S. food and agriculture sector experienced 167 ransomware attacks in 2023, making it the seventh most targeted sector in the country. The industry continues to face cyber threats, with 40 attacks reported in the first quarter of 2024. Threat Actor: Ransomware gangs such as LockBit, Bl…
Deep Instinct and others report MuddyWater activity using a newly observed command-and-control framework named DarkBeatC2 that relies heavily on PowerShell-based C2 fetch/execute routines, public file-hosting links, and abused RMM tooling. The campaign leverag…
Executive Summary: In this report, S2W TALON examined the trends of ransomware groups active in 2023, identifying the operational characteristics of each group and describing them from 5 perspectives. Activity: The number of victim organizations uploaded to ransomware leak sites increased by 1.6 time…
Podcasts provide an easy and effective way to stay up to date on the threat intelligence landscape. They cover a wide range of topics, including insights into the most recent developments and advice on how to protect yourself, your devices, and your business. In this post, we…
A hacker fakes his own death to avoid paying child support A hacker has confessed to orchestrating his own death to evade over $100,000 in child support payments to his ex-wife. Jesse E. Kipf pleaded guilty on March 29, 2024, to aggravated identity theft and computer fraud charges. Kipf, w…
A threat actor has purportedly announced the sale of data associated with Académie de Lyon and the French Ministry of Education, comprising approximately 40,000 users. The disclosed information is said to encompass identities, addresses, phone numbers, emails, and relationships between middle school students, parents, teachers, and academic staff within the Lyon…
Explore how threat intelligence enhances dark web investigations, mitigating cyber threats to protect enterprise data and maintain brand trust.
AT&T confirmed that the data breach impacted 51 million former and current customers and is notifying them. AT&T revealed that the recently disclosed data breach impacts more than 51 million former and current customers and is notifying them. In March 2024, more than 70,000,000 records from an unspecified division of AT&T were…
Our 2023 annual report serves as a playbook of adversaries’ tactics, techniques, and procedures (TTPs). Check out our on-demand Annual Report webinar or read on for a summary of key topics and themes in the report.
An in-depth look at the Sidewinder threat actor reveals a sprawling infrastructure of domains and document-based lures used to target government and defense entities across South Asia. The analysis highlights the actor’s use of attachment-based campaigns and a…
In a concerning development, a threat actor has recently come forward with claims of possessing and intending to sell an extensive database containing the personal details of Spanish citizens. The alleged database, purportedly encompassing individuals born between 1926 and 2004, boasts an impressive 39.8 million records, comprising information such as National…
Summary: Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI’s SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware. Threat Actor: Unknown | Unknown Victim: Facebook users | F…