The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its servers. To that end, the notorious group has moved its data leak portal to a new .onion address on the TOR n…
Tag: DARK WEB
Researchers describe a KONNI variant delivered through a backdoored Russian-language installer for a MID consular tool called Statistika KZU, highlighting DPRK-linked activity targeting the Russian Ministry of Foreign Affairs. The backdoored installer contains…
We are connected to a digital world that provides us with numerous utilities and entertainment, but it sometimes presents us with undesirable encounters, online frauds and scams among them. Online scams go well beyond the nuisance of mass-marketed commercial spam emails that merely disrupt individuals’ daily lives. Scamming…
Hunters International emerged in late 2023 as a RaaS operation with technical lineage and tactics resembling Hive, continuing cyber extortion trends despite Hive’s takedown. The group claims independence, focuses on data theft over encryption, and shows ties t…
CISA and MS-ISAC found an unknown threat actor used a former employee’s active domain admin account to authenticate via the organization’s VPN from an external VM, execute LDAP queries to enumerate users, hosts, and trusts, and post the resulting files to a da…
RustDoor (macOS) and GateDoor (Windows) are a cross-platform pair of malware disguised as legitimate updates or utilities, with RustDoor acting as a backdoor and GateDoor as a loader. They share overlapping C2 infrastructure linked to ShadowSyndicate, and empl…
3AM Ransomware emerged in late 2023 as a Rust-built, 64-bit ransomware used as a fallback option when deploying LockBit failed, and it disrupts backups and security tools while encrypting targeted files with a “.threeamtime” extension. It has alleged ties to l…
The Sandman APT group has drawn major attention for targeting telecommunications providers in Europe, the Middle East, and South Asia, employing LuaDream, a LuaJIT-based modular backdoor, to achieve stealthy espionage with minimal footprints. Research ties San…
Fortinet’s FortiOS SSL VPN is affected by a critical Remote Code Execution vulnerability (CVE-2024-21762) with PoC exploits and active exploitation chatter, alongside related issues in Shim (CVE-2023-40547) and Ivanti (CVE-2024-22024). The report also highligh…
S2W TALON researchers uncovered Troll Stealer, a Go-based info-stealer linked to the Kimsuky group, distributed via a page that redirects to a South Korean site and signed, along with its dropper, using a stolen certificate. The campaign targets South K…
Check Point Research details how the Raspberry Robin worm rapidly integrated new kernel LPE exploits (including CVE-2023-36802 and CVE-2023-29360), shifted delivery and lateral movement methods, and added multiple anti-analysis and evasion techniques. The repo…
If you have anything to do with cyber security, you know it employs its own unique and ever-evolving language. Jargon and acronyms are the enemies of clear writing—and are beloved by cyber security experts. So Morphisec has created a comprehensive cyber security glossary that explains commonly…
Sekoia.io’s TDR team tracked a sharp rise in adversary C2 infrastructure during 2023, identifying over 85,000 IP addresses used as C2 and monitoring widespread use of phishing-as-a-service, infostealers, and OSTs like Cobalt Strike. The report explains the pro…
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis. Analysis of ransomware gang leak site data reveals significant activity over 2023. As groups formed — or dissolved — and tactics changed, we synthesize our findings.