RDP Used by Iranian Actors in International Dharma Ransomware Attacks

Iranian actors leveraged the Remote Desktop Protocol (RDP) as part of an international campaign to target companies with Dharma ransomware. Group-IB uncovered the campaign while conducting an incident response engagement for a Russian company in June 2…

University of Utah Paid Over $450K to Ransomware Attackers

The University of Utah paid a fee of more than $450,000 to attackers after they infected a portion of its servers with ransomware. On July 19, 2020, the Information Security Office (ISO) notified the university’s College of Social and Behavioral Scienc…

Decryption Tool Released for WannaRen Ransomware

Security researchers released a decryption tool that enables victims of WannaRen ransomware to recover their files for free. On August 19, Bitdefender announced that it had made a WannaRen decryption utility publicly available for download. The securit…

Credential Stuffing Attacks Targeted GCKey, CRA Accounts

Malicious actors launched credential stuffing attacks that targeted Canada’s GCKey service and Canada Revenue Agency (CRA) accounts. On August 15, the Treasury Board of Canada Secretariat announced that the Government of Canada was in the process of re…

NCSC Shut Down 300K URLs Linked to Investment Scams in 4 Months

The National Cyber Security Centre (NCSC) revealed it had shut down more than 300,000 URLs that linked to investment scams in a four-month period. In a news bulletin published on August 14, NCSC warned users to be on the lookout for investment scams. M…

Google App Engine, Azure App Service Abused in Phishing Campaign

A phishing campaign abused both the Google App Engine and the Azure App Service to steal victims’ Microsoft Outlook credentials. Netskope observed that the attack campaign started with a shortened link “https://bitly[.]com/33nMLkZ” distributed by a phi…

Emotet Botnet Named ‘Most Wanted Malware’ for July 2020

The Emotet botnet earned the title of “most wanted” malware family for the month of July 2020 following a period of inactivity. Check Point revealed that Emotet threat activity had affected 5% of organizations worldwide in July 2020, thereb…

FBI: Continued Use of Windows 7 Poses Security Risks Given EOL Status

The Federal Bureau of Investigation (FBI) warned of the security risks that organizations face if they continue to use the Windows 7 operating system despite its end of life (EOL) status. In a private industry notification published on August 3, the F…

Moldovan National Pleaded Guilty to Role in Digital Crime Enterprise

A national of the Republic of Moldova pleaded guilty to his role in a digital crime enterprise that caused hundreds of millions of dollars in losses. On July 31, Valerian Chiochiu (aka “Onassis,” “Flagler,” “Socrate,”…

Belarus Announces Arrest of GandCrab Ransomware Distributor

Government officials in Belarus announced they had arrested an individual on charges of having helped to distribute GandCrab ransomware. On July 30, the Ministry of Internal Affairs (MIA) of the Republic of Belarus revealed that it had arrested a 31-ye…