Who Wrote the ALPHV/BlackCat Ransomware Strain?

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “BlackCat”), considered to be the first professional cybercrime group to create and use a ransomware strain in the Rust programming language. In this post, we’ll explore some of the clues left behind by the developer who was reputedly hired to code the ransomware variant.

APTs quiet ahead of Beijing games, but financially motivated hackers are still lurking, research says

State-sponsored hacking groups have been uncharacteristically quiet leading up to the Olympic Games next month in Beijing. Researchers say there’s one big reason why: No one wants to get on the bad side of China. “Disruptive Russian, Iranian, and North Korean state-sponsored cyberattacks targeting the 2022 Winter Olympics are unlikely to manifest due to the close relationships those countries maintain with the host nation, China,” Recorded Future researchers write in a report on potential cybersecurity threats to the games released Wednesday. Although high-level attacks are unlikely, the Winter Games still present a target-rich environment for nation-state groups that focus on cyber-espionage, researchers say. And — as is typical for any large international event — cybercriminals also will be looking for opportunities to scam athletes, organizers, volunteers and fans during the Winter Games.

Beware of SIM cards

Advanced persistent threat (APT) groups from Iran and Russia, while unlikely to attack China […]

Ransomware isn’t always about gangs making money. Sometimes it’s about nations manufacturing mayhem.

Ransomware is fundamentally about reaping massive profits from victims — payments were on pace to cross the billion-dollar threshold in 2021, according to the U.S. government — but there are signs foreign government-connected groups are increasingly moving into a territory dominated by criminal gangs, and for an entirely different motive: namely, causing chaos. Research that Microsoft and cybersecurity company CrowdStrike recently publicized separately concluded that Iranian hackers tied to Tehran had been conducting ransomware attacks that weren’t about making money, but instead disrupting their enemies. It echoed research from last spring and summer by FlashPoint and SentinelOne, respectively. When disruptive ransomware pays off, those who have studied the phenomenon say, it can embarrass victims. It can be used to steal data and leak sensitive information to the public. It can lock up systems, disabling targets. And given the prominence of ransomware, it’s another method that foreign intelligence and military agencies can use […]

Ukrainian authorities arrest suspected ransomware ringleader

Police in Ukraine on Thursday said they broke up a ransomware gang allegedly responsible for extorting more than 50 companies across Europe and the U.S. for more than $1 million. The Ukrainian Cyberpolice, a division of the country’s national police, announced the arrest of an unnamed 36-year-old man who they say partnered with his wife and three others to carry out ransomware attacks. The group is also accused of providing virtual private network (VPN) services to other criminals for a fee. VPNs are widely and legally used around the world to shield portions of internet traffic and obscure the end-user’s IP address. But police in Ukraine say this VPN service also allowed customers to download computer viruses, spyware and other malware. “It was a purely ‘gangster’ service created by criminals for criminals and not under the control of any government or law enforcement agencies,” the Security Service of Ukraine said in […]

Ransomware gang targeting schools, hospitals reinvents itself to avoid scrutiny

An under-the-radar ransomware group that’s been attacking schools, hospitals and other critical infrastructure has tried to cover its tracks by rebranding, according to findings from researchers at Mandiant. Sabbath, a rebrand of the ransomware group Arcane, “is unfortunately not slowing down” in its attacks, Tyler McLellan, principal analyst at Mandiant, said in a statement. “They picked up their pace right into November 2021, when its public shaming portal mysteriously went offline.” Researchers first caught onto Sabbath in October, when it held the data of a Texas school district for ransom. Interestingly, the group turned to social media platform Reddit to make its ransom demand. Ransomware gangs often host their own websites where they shame victims and threaten to leak data. Sabbath eventually launched its own victim site, which researchers found nearly identical to that of a formerly active group that went by the name Arcane. The two groups […]

Microsoft Patch Tuesday, November 2021 Edition

Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today — potentially giving adversaries a head start in figuring out how to exploit them.

Secondary Infektion, a Russian disinformation outfit, impersonated Swedish lawmaker

A suspected Russian disinformation campaign used manipulated images and fabricated internet personas to promote false narratives online in an effort to sow mistrust in Sweden and Europe, according to new findings. The propaganda effort known as Secondary Infektion is “highly likely” behind an effort that involved a photoshopped screenshot meant to appear as if it originated on the website of Sweden’s Riksdag, the national legislature, the threat intelligence company Recorded Future said in a report published Tuesday. Secondary Infektion is an operation dating back at least two years, with researchers blaming the suspected Russian outfit for forging documents, stirring outrage via social media and generating negative sentiment around the North Atlantic Treaty Organization in countries such as Ukraine. Researchers have pointed to Secondary Infektion as an example of political warfare that uses digital means to try to destabilize foreign governments. In the latest case, Recorded Future investigators observed an account […]

Ransomware gangs are starting more drama on cybercrime forums, upending ‘honor among thieves’ conventions

When ransomware group REvil reappeared in September after a nearly two-month downtime, its return was met with a less-than-friendly reception on the cybercriminal underground. Before going dark, the Russia-based gang attracted attention from the White House for two attacks that disrupted U.S. supply chains: the May breach at global meat supplier JBS that netted a reported $11 million payment, and a July hack on the software company Kaseya that immobilized hundreds of clients, some for months. REvil’s sudden disappearance left hackers that had been leasing out the group’s ransomware tools to conduct their own attacks, also known as affiliates, in the lurch. Almost immediately, several affiliates opened arbitration cases against the group on illicit forums. One hacker, “Boriselcin,” claimed on the XSS forum that REvil owed him money before it disappeared. While the two parties quickly resolved the case, not all disputes end so quietly, according to researchers who study dark […]

Microsoft Patch Tuesday, September 2021 Edition

Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that’s reportedly been abused to install spyware on iOS products, and Google’s got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software.

Suspected Russian operatives tried to stir far right outrage about COVID-19 on 4chan

Operators of an apparent Russian propaganda campaign shared coronavirus disinformation in an effort to influence the American far-right, according to a report out Tuesday by cybersecurity firm Recorded Future. The findings are included in a new report shedding light on a long-running Russian propaganda campaign known as Operation Secondary Infektion. The years-long campaign has used regional European websites, forged documents and throwaway accounts to further Russia’s political agenda in Europe. Secondary Infektion is perhaps best known for spreading disinformation through small, local websites, then promoting fabricated narratives on social media, with mixed success. Secondary Infektion promotes narratives in line with Russia’s political agenda in Europe, leading researchers to believe the group supports Russia’s intelligence apparatus. Since 2014 the group has staged a number of campaigns, including using fake tweets from accounts like Sen. Marco Rubio, R-Fla. to spread a false narrative that British citizens planned to assassinate Prime Minister Boris […]