Nobelium Espionage Campaign Persists, Service Providers in Crosshairs

In an advisory released on October 24, Microsoft announced ongoing campaigns it has attributed to the Nobelium state-sponsored threat group. IBM X-Force tracks this group as Hive099. If the name sounds familiar, that’s because it is the same group that targeted SolarWinds in 2020. The U.S. government has identified Nobelium as part of Russia’s foreign […]

The post Nobelium Espionage Campaign Persists, Service Providers in Crosshairs appeared first on Security Intelligence.

Continue reading Nobelium Espionage Campaign Persists, Service Providers in Crosshairs

Detections That Can Help You Identify Ransomware

One of the benefits of being part of a global research-driven incident response firm like X-Force Incidence Response (IR) is that the team has the ability to take a step back and analyze incidents, identifying trends and commonalities that span geographies, industries and affiliations. Leveraging that access and knowledge against the ransomware threat has revealed […]

The post Detections That Can Help You Identify Ransomware appeared first on Security Intelligence.

Continue reading Detections That Can Help You Identify Ransomware

Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds

IBM X-Force has been tracking the activity of ITG23, a prominent cybercrime gang also known as the TrickBot Gang and Wizard Spider. Researchers are seeing an aggressive expansion of the gang’s malware distribution channels, infecting enterprise users with Trickbot and BazarLoader. This move is leading to more ransomware attacks — particularly ones using the Conti […]

The post Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds appeared first on Security Intelligence.

Continue reading Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds

X-Force Report: No Shortage of Resources Aimed at Hacking Cloud Environments

As cybercriminals remain steadfast in their pursuit of unsuspecting ways to infiltrate today’s businesses, a new report by IBM Security X-Force highlights the top tactics of cybercriminals, the open doors users are leaving for them and the burgeoning marketplace for stolen cloud resources on the dark web. The big takeaway from the data is businesses […]

The post X-Force Report: No Shortage of Resources Aimed at Hacking Cloud Environments appeared first on Security Intelligence.

Continue reading X-Force Report: No Shortage of Resources Aimed at Hacking Cloud Environments

LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment

After a brief slowdown in activity from the LockBit ransomware gang following increased attention from law enforcement, LockBit is back with a new affiliate program, improved payloads and a change in infrastructure. According to IBM X-Force, a major spike in data leak activity on the gang’s new website indicates that their recruitment attempts have been […]

The post LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment appeared first on Security Intelligence.

Continue reading LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment

Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight

Ransomware actors are specializing, collaborating and assisting each other to conduct sophisticated attacks that are becoming increasingly difficult to prevent. Combating these groups effectively similarly requires a team approach — specialization, understanding tactics and techniques and how to counter them and cutting off activity at its source. Arguably, it has never been more imperative that […]

The post Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight appeared first on Security Intelligence.

Continue reading Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight

Red & Blue: United We Stand

Offensive and defensive security are typically viewed as opposite sides of the same fence. On one side, the offensive team aims to prevent attackers from compromising an organization, whereas on the other side the defensive team aims to stop attackers once they are inside. The fence, metaphorically speaking, is the adversary. The adversary’s moves, motives […]

The post Red & Blue: United We Stand appeared first on Security Intelligence.

Continue reading Red & Blue: United We Stand

Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon

Recently, X-Force Red released a tool called Windows Feature Hunter, which identifies targets for dynamic link library (DLL) side-loading on a Windows system using Frida. To provide a defensive counter-measure perspective for DLL side-loading, X-Force Incident Response has released SideLoaderHunter, which is a system profiling script and Sysmon configuration designed to identify evidence of side-loading […]

The post Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon appeared first on Security Intelligence.

Continue reading Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon

Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang

Ransomware has become the number one cyber threat to organizations, making up nearly 25% of attacks IBM X-Force Incident Response remediated in 2020. Ransomware is making headlines on a regular basis due to the high impact of certain attacks on victims in critical industries. It’s unlikely that the pace of attacks will slow down in […]

The post Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang appeared first on Security Intelligence.

Continue reading Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang

ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group

This blog supplements a Black Hat USA 2021 talk given August 2021.  IBM Security X-Force threat intelligence researchers continue to track the infrastructure and activity of a suspected Iranian threat group ITG18. This group’s tactics, techniques and procedures(TTPs) overlap with groups known as Charming Kitten, Phosphorus and TA453. Since our initial report on the group’s training […]

The post ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group appeared first on Security Intelligence.

Continue reading ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group