ANALYSIS

DATE: 8.7.22
NAME: Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine
CATEGORY: APT
SUBCATEGORIES: APT
INFO: Following ongoing research by our team, IBM Security X-Force has uncovered evidence indicating that the Russia-based cybercriminal syndicate “Trickbot group” has been systematically attacking Ukraine since the Russian invasion — an unprecedented shift, as the group had not previously targeted Ukraine.

DATE: 8.7.22
NAME: THREAT ANALYSIS REPORT: LockBit 2.0 - All Paths Lead to Ransom
CATEGORY: Ransomware
SUBCATEGORIES: Ransomware
INFO: In September 2019, a new version of a worm-like ransomware was reported. This ransomware was known as LockBit. Since then, a new variant of LockBit has been discovered, dubbed LockBit 2.0.

DATE: 07.7.22
NAME: Bitter APT
CATEGORY: APT
SUBCATEGORIES: APT
INFO: The SECUINFRA Falcon Team analyzed a recent attack conducted by the South Asian Advanced Persistent Threat group “Bitter”.

DATE: 07.7.22
NAME: Hive ransomware gets upgrades in Rust
CATEGORY: Ransomware
SUBCATEGORIES: Ransomware
INFO: Hive ransomware is only about one year old, having been first observed in June 2021, but it has grown into one of the most prevalent ransomware payloads in the ransomware-as-a-service (RaaS) ecosystem.

DATE: 13.6.22
NAME: Lyceum .NET DNS Backdoor
CATEGORY: Hacking
SUBCATEGORIES: Hacking
INFO: Active since 2017, the Lyceum group is a state-sponsored Iranian APT group that is known for targeting Middle Eastern organizations in the energy and telecommunication sectors and mostly relying on .NET-based malware.

DATE: 5.6.22
NAME: Parrot TDS
CATEGORY: Hacking
SUBCATEGORIES: Hacking
INFO: A new Traffic Direction System (TDS) we are calling Parrot TDS, using tens of thousands of compromised websites, has emerged in recent months and is reaching users from around the world. The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites and personal websites to university sites and local government sites.

DATE: 5.6.22
NAME: WinDealer
CATEGORY: Malware
SUBCATEGORIES: Malware espionage
INFO: An "extremely sophisticated" Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that is delivered by means of man-on-the-side attacks.

DATE: 25.5.22
NAME: Beneath the surface: Uncovering the shift in web skimming
CATEGORY: Malware
SUBCATEGORIES: Malware
INFO: Microsoft security researchers recently observed that web skimming campaigns now employ various obfuscation techniques to deliver and hide skimming scripts.

DATE: 23.5.22
NAME: Fronton: A Botnet for Creation, Command, and Control of Coordinated Inauthentic Behavior
CATEGORY: BotNet
SUBCATEGORIES: BotNet
INFO: In March 2020, a hacktivist group called “Digital Revolution” claimed to have hacked a subcontractor to the FSB, the Federal Security Service of the Russian Federation. They claimed the hack occurred in April 2019.

DATE: 20.5.22
NAME: XorDdos
CATEGORY: Malware
SUBCATEGORIES: Linux
INFO: XorDdos depicts the trend of malware increasingly targeting Linux-based operating systems, which are commonly deployed on cloud infrastructures and Internet of Things (IoT) devices.

DATE: 20.5.22
NAME: Group-IB presents its annual ransomware guidebook: winning streak continues, avg ransom grows by 45%
CATEGORY: Cyber-Crime
SUBCATEGORIES: Ransom
INFO: Group-IB, one of the global cybersecurity leaders, unveils its second annual guide to the evolution of threat number one, "Ransomware Uncovered 2021/2022". The findings of the second edition of the report indicate that the ransomware empire kept its winning streak going, with the average ransom demand growing by 45% to reach $247,000 in 2021.

DATE: 20.5.22
NAME: Wizard Spider In-Depth Analysis
CATEGORY: Organized Cyber-Crime
SUBCATEGORIES: Organized Cyber-Crime
INFO: This report provides unprecedented visibility into the structure, background, and motivations of Wizard Spider. We’ve obtained command statistics, target country statistics, command execution patterns, and other information on the group’s tactics, techniques, and procedures.

DATE: 20.5.22
NAME: Cryware
CATEGORY: Cryware
SUBCATEGORIES: Cryware
INFO: In hot pursuit of ‘cryware’: Defending hot wallets from attacks.

DATE: 20.5.22
NAME: Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
CATEGORY: Ransomware
SUBCATEGORIES: Ransomware
INFO: Microsoft processes 24 trillion signals every 24 hours, and we have blocked billions of attacks in the last year alone. Microsoft Security tracks more than 35 unique ransomware families and 250 unique threat actors across observed nation-state, ransomware, and criminal activities.