The Trickbot/Conti Crypters: Where Are They Now?

Despite Conti shutdown, operators remain active and collaborative in new factions

In IBM Security X-Force, we have been following the crypters used by the Trickbot/Conti syndicate, who we refer to as ITG23, since 2021 and demonstrated the intelligence that can be revealed through tracking their use in a blog we published last May. One year […]

The post The Trickbot/Conti Crypters: Where Are They Now? appeared first on Security Intelligence.


Ex-Conti and FIN7 Actors Collaborate with New Backdoor

Former Conti syndicate and FIN7 members have collaborated to use a new backdoor dubbed “Minodo” to deliver the Project Nemesis infostealer. Explore the intricate nature of cooperation among cybercriminal groups and their members with in-depth analysis from IBM Security X-Force experts.

The post Ex-Conti and FIN7 Actors Collaborate with New Backdoor appeared first on Security Intelligence.


RansomExx Upgrades to Rust

IBM Security X-Force Threat Researchers have discovered a new variant of the RansomExx ransomware that has been rewritten in the Rust programming language, joining a growing trend of ransomware developers switching to the language. Malware written in Rust often benefits from lower AV detection rates (compared to those written in more common languages) and this […]

The post RansomExx Upgrades to Rust appeared first on Security Intelligence.


From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers

A comparative analysis performed by IBM Security X-Force uncovered evidence that suggests Bumblebee malware, which first appeared in the wild last year, was likely developed directly from source code associated with the Ramnit banking trojan. This newly discovered connection is particularly interesting as campaign activity has so far linked Bumblebee to affiliates of the threat […]

The post From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers appeared first on Security Intelligence.


ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups

IBM Security X-Force researchers have continually analyzed the use of several crypters developed by the cybercriminal group ITG23, also known as Wizard Spider, DEV-0193, or simply the “Trickbot Group”. The results of this research, along with evidence gained from the disclosure of internal ITG23 chat logs (“Contileaks”), provide new insight into the connections and cooperation […]

The post ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups appeared first on Security Intelligence.


Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail

IBM Security X-Force researchers have discovered a revamped version of the Trickbot Group’s AnchorDNS backdoor being used in recent attacks ending with the deployment of Conti ransomware. The Trickbot Group, which X-Force tracks as ITG23, is a cybercriminal gang known primarily for developing the Trickbot banking Trojan, which was first identified in 2016 and initially […]

The post Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail appeared first on Security Intelligence.


Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang

Ransomware has become the number one cyber threat to organizations, making up nearly 25% of attacks IBM X-Force Incident Response remediated in 2020. Ransomware is making headlines on a regular basis due to the high impact of certain attacks on victims in critical industries. It’s unlikely that the pace of attacks will slow down in […]

The post Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang appeared first on Security Intelligence.
