Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Quotidien Hebdomadaire Mensuel

Quotidien Shaarli

Tous les liens d'un jour sur une page.

Jour précédent
Jour suivant

December 19, 2023

Ransomware : Alphv/BlackCat, touché et presque coulé ?

Le site vitrine de la franchise Alphv/BlackCat affiche désormais un message indiquant qu’il a été saisi par les autorités. Mais une vitrine alternative est en ligne, mais le coup est très sérieux.

15:16
lemagit, FR, 2023, Alphv, BlackCat, Alphv-BlackCat, Ransomware, vitrine
Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant | United States Department of Justice

The Justice Department announced today a disruption campaign against the Blackcat ransomware group — also known as ALPHV or Noberus — that has targeted the computer networks of more than 1,000 victims and caused harm around the world since its inception, including networks that support U.S. critical infrastructure.

15:12
justice.gov, EN, 2023, ALPHV, Blackcat, ransomware, group, Disrupts, announce
Authorities claim seizure of notorious ALPHV ransomware gang's dark web leak site | TechCrunch

The FBI says it has released a decryption tool allowing hundreds of ALPHV/BlackCat victims to restore their scrambled files.

15:10
techcrunch, EN, 2023, ALPHV, BlackCat, cyberattack, cybersecurity, law-enforcement, ransomware, seizure
Vans, Supreme owner VF Corp. says personal data stolen and orders impacted in suspected ransomware attack | TechCrunch

The U.S.-based owner of apparel brands including Vans, Supreme and The North Face says it cannot fulfill customer orders after a cyberattack.

14:54
techcrunch, EN, 2023, cyberattack, data-breach, ransomware, Supreme, Vans
Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains

Using machine learning to target stockpiled malicious domains, the results of our detection pipeline tool highlight campaigns from phishing to scams.

14:52
unit42, EN, 2023, TTP, technique, stockpiled, DNS, Malicious, Early-Detection
The Curious Case of Predatory Sparrow

Reconstructing the Attack from a 4th party collector’s point of view
Hamid Kashfi

[Update: December 18th, 2023]: On 18th December, Predator Sparrows launched a second
attack against the fuel distribution system in Iran, similar to their previous operation in 2021.
Since 2021, Iranian officials or third-party security vendors have not published any analysis or
technical details about the original attack, which is not unusual. Their screenshots from the
latest attacks provide some clues that only confirm our previous work, indicating connections to
the “Yaas Arghavani” company, a VSAT and POS service provider for the fuel distribution
system. The following is an old draft from December 2021, which I wrote for peer eyes rather
than public view. The original draft focused on the first attack against the fuel distribution
system. Still, some remarks remain valid and relevant to the recent attack on 18 Dec 2023, as
little has changed regarding how the system works. The same infrastructure, same suppliers,
and same 3rd party vendors, so we are likely just talking about a different attack vector and
entry point from the previous case. I will probably draft a new note about the recent attack from
scratch soon and when more details are gathered rather than updating the old speculative work.

14:39
darkcell.se, EN, 2023, Predatory-Sparrow, Attack, Iran, Yaas-Arghavani, analysis, distribution, system