Cyberveilleby Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
10 résultats taggé group  ✕
Negotiating with LockBit: Uncovering the Evolution of Operations and Newly Established Rules https://analyst1.com/blog-negotiating-with-lockbit-uncovering-the-evolution-of-operations-and-newly-established-rules/
17/11/2023 14:55:57
QRCode
archive.org

What defines success for ransomware actors during an attack? Breaching a victim’s network, exfiltrating valuable data, and encrypting systems are crucial components. However, the ultimate measurement of success is the actor’s ability to extort a ransom payment, which determines if they achieve their financial goals. Navigating the ransom negotiation phase, whether conducted by the victims themselves or designated recovery firms, demands a high level of expertise and a deep understanding of the attackers involved. This includes studying of the threat actor’s profile, tactics, and evolving strategies. In this complex landscape, there is no one-size-fits-all playbook for successfully managing the negotiation phase, as each ransomware group exhibits distinct behaviors and adopts new tactics shaped by many factors.

analyst1 EN 2023 LockBit threat-actor TTP ransomware group
Spain police dismantled a cybercriminal group who stole data of 4 million individuals https://securityaffairs.com/152946/cyber-crime/spanish-police-dismantled-cybercriminal-group.html?amp=1
24/10/2023 07:45:31
QRCode
archive.org
thumbnail

The Spanish police have arrested 34 members of the cybercriminal group that is accused of having stolen data of over 4M individuals.

securityaffairs EN 2023 police arrest cybercriminal group stolen data
The untold history of today’s Russian-speaking hackers https://archive.ph/SypyC
07/08/2023 10:15:51
QRCode
archive.org

Clop, a Russian-speaking hacking group specialising in ransomware, has its own website. Yes, this is a thing — criminals openly encouraging their victims to negotiate a ransom for the return of their data as though it were a legitimate commercial deal.

FT 2023 EN Clop Russian-speaking hacking group ransomware
RTM Locker Ransomware as a Service (RaaS) Now on Linux - Uptycs https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
27/04/2023 13:53:22
QRCode
archive.org
thumbnail

Uptycs threat research team discovered a new ransomware Linux binary attributed to the RTM group Locker, a known Ransomware-as-a-Service (RaaS) provider.

Uptycs EN 2023 ransomware Linux RTM group Locker Ransomware-as-a-Service
Ransomware Group Claims Hack of Amazon's Ring https://www.vice.com/en/article/qjvd9q/ransomware-group-claims-hack-of-amazons-ring
14/03/2023 19:47:22
QRCode
archive.org
thumbnail

The group is blackmailing Ring on its site: "There's always an option to let us leak your data," they posted.

vice EN 2023 Ransomware Group Amazon Ring ALPHV
8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts https://www.sentinelone.com/blog/from-the-front-lines-8220-gang-massively-expands-cloud-botnet-to-30000-infected-hosts/
22/07/2022 09:16:08
QRCode
archive.org
thumbnail

Low-level crimeware gang has been exploiting misconfigured and publicly accessible Docker and other cloud instances with roaring success.

sentinelone EN 2022 8220 Mining Group 8220Gang docker cloud crimeware
Analysis and Attribution of the Eternity Ransomware: Timeline and Emergence of the Eternity Group https://cloudsek.com/analysis-and-attribution-of-the-eternity-ransomware-timeline-and-emergence-of-the-eternity-group/
05/06/2022 11:43:12
QRCode
archive.org
thumbnail

XVigil discovered a financially motivated threat actor group, dubbed Eternity group, actively operating on the internet, selling worms, stealers, DDoS tools, and ransomware builders.

cloudsek 2022 en ransomware Eternity group research selling worms stealers Timeline
A Closer Look at the LAPSUS$ Data Extortion Group https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/
24/03/2022 07:08:28
QRCode
archive.org

Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$, a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid. Here’s a closer look at LAPSUS$, and some of the low-tech but high-impact methods the group uses to gain access to targeted organizations.

krebsonsecurity EN 2022 Lapsus$ group Okta
Lapsus$: when kiddies play in the big league https://www.sekoia.io/en/lapsus-when-kiddies-play-in-the-big-league/
23/03/2022 18:05:52
QRCode
archive.org
thumbnail

You may not have missed all the noises recently caused by Lapsus$, a group that seems to specialize in extortion without necessarily leveraging ransomware.

At first glance, Lapsus$ check marks all elements that would make researchers put them in the low priority threats, especially considering their readiness to make dramas and OpSec failures. Except that the group has successfully managed to significantly enrich its victim list with high profile corporations, thus drawing all our attention.

In the following, we will describe the threat actor profile that was drawn by our investigations based either on OSINT, dark web or infrastructure analysis.

sekoia EN 2022 analysis Lapsus$ group
DEV-0537 criminal actor targeting organizations for data exfiltration and destruction https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
23/03/2022 10:22:59
QRCode
archive.org
thumbnail

The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$. DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads.

microsoft EN 2022 LAPSUS$ DEV-0537 extortion research activity threat group
2000 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn - Curated by Decio