As the world adorned its festive attire, the cybercriminal community in the shadowy realms of the Dark Web orchestrated their chilling celebration – “Leaksmas.” This event, coinciding with the Christmas season, unfolded as a sinister display of data sharing among hackers, as observed by Resecurity.T…
Tag: DARK WEB
Resecurity uncovered a cybercriminal group known as the GXC Team, led by googleXcoder, that developed AI-powered tools for invoice fraud, wire transfers, and business email compromise (BEC). Their AI-enabled toolset includes FraudGPT/WormGPT-based platforms an…
FortiGuard Labs highlights 8base, a Windows-targeted ransomware variant likely based on Phobos, delivered via SmokeLoader and featuring data exfiltration and high ransom demands. The write-up covers infection vectors, victimology, encryption behavior, variant …
SOCRadar profiles the Cactus Ransomware Group, detailing its self-encrypting ransomware, evasion techniques, and double-extortion tactics used against organizations worldwide. The piece highlights VPN exploitation, a multi-layer infection chain, and a Tor-base…
Meduza Stealer 2.2 has been released with broader client support (including browser-based wallets) and enhanced credential/token dumping capabilities, aiming to rival Azorult, Redline, Raccoon, and Vidar. The update includes a revamped interface, expanded data …
2023’s payment fraud trends predict a persistent underground market and evolving sophisticated cyber-fraud threats in 2024.
This article discusses the escalating threat of SMS phishing (smishing) attacks targeting the United States Postal Service (USPS). The rise of these attacks is largely linked to a phishing toolkit available on the dark web, utilized by various threat actors, p…
ASEC analyzes campaigns that target poorly managed Linux SSH servers, detailing how attackers gather target data, scan for SSH on port 22, and then deploy malware, scanners, or SSH brute-force tools to expand access. The analysis highlights common malware (She…
Attacks on a critical infrastructure target in South Africa, supply-chain attack on Linux machines, Telegram doppelganger used to target people in China.
Serpent Stealer is a .NET 64-bit information stealer that performs environment checks, harvests browser autofill/history/passwords, crypto wallet data, SSH/FTP/Steam credentials, and exfiltrates data via webhooks and Discord. The malware uses sandbox/VM and de…
An NCC Group incident response study analyzes NoEscape ransomware techniques observed in a recent engagement, highlighting opportunistic access and noisy tool use. The findings cover ProxyShell exploit access to Exchange, RDP lateral movement with SSH tunneling…
INC Ransom is a newly identified ransomware actor that emerged in August 2023, targeting mainly US and Western organizations with double and triple extortion and partial encryption. Cybereason Threat Alerts detail its operations, blog-leak activity, and how th…
LummaC2 v4.0 is analyzed as a dynamic information stealer that adds a novel anti-sandbox layer using mouse-cursor positions and trigonometry to delay execution until “human” behavior is detected. The article also covers its two-layer packer with control-flow f…
SentinelOne is tracking ongoing exploitation of CVE-2023-22518 against Atlassian Confluence Datacenter and Server to deploy Cerber (C3RB3R) ransomware on Windows and Linux. The campaigns abuse a backdoor admin account via the vulnerability, use web shells and …
Resecurity reports an alarming rise in ransomware targeting the energy sector worldwide, including nuclear facilities and related research entities, with attackers expanding across North America, Asia, and the EU. The article highlights evolving tactics such a…