Our analyst team shares a few articles each week in our email newsletter, which goes out every Thursday. Make sure to register! This blog highlights those articles in order of what was the most popular in our newsletter – what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.
According to new data from TRM Labs, Russian-speaking ransomware groups accounted for 69% of all cryptocurrency ransom payments in 2023. The total exceeded $500 million. LockBit, BlackCat, Black Basta, Cl0p, Play, and Akira were among the most dominant operations in 2023. While North Korea currently leads in cryptocurrency stolen through exploits and breaches, according to the most recent numbers Russia continues to dominate all other malicious activity involving cryptocurrency. Full article here.
On August 12, Ukraine’s Computer Emergency Response Team (CERT-UA) reported that hackers impersonating the Security Service of Ukraine compromised over 100 systems belonging to Ukrainian government agencies. The attacks began as early as July 12 and involved the distribution of phishing emails posing as official communications from the Security Service of Ukraine. The emails included a link to a downloadable file titled “Documents.zip,” which, when downloaded, deployed AnonVNC malware. CERT-UA noted that the attack appears to have predominantly affected “central and local government bodies.” Read more.
On July 25, the U.S. Department of Justice (DoJ) indicted Rim Jong Hyok, a North Korean national, for his involvement in ransomware attacks against healthcare facilities in the United States. According to the DoJ press release, Hyok used proceeds from the extortion of U.S. hospitals to “fund additional computer intrusions into defense, technology, and government entities worldwide.” On the same day as the DoJ indictment, the U.S. Department of State’s Rewards for Justice program announced a reward of up to $10 million for information to help locate Rim Jong Hyok. Article here.
On July 24, Meta announced that it had taken down 63,000 Instagram accounts registered in Nigeria that were connected to sextortion scams. The take-down included a network of 2,500 accounts linked to 20 individuals who were primarily targeting adult men in the United States. According to Meta, the accounts were linked to the cybercrime group “Yahoo Boys.” In addition to the Instagram accounts, Meta also removed more than 7,000 Nigeria-based Facebook accounts, groups, and pages that were sharing tips on how to conduct scams. Read article.
On August 24, Russian multi-billionaire Pavel Durov, the founder and CEO of the messaging app Telegram, was arrested in France on a warrant in relation to an investigation into criminal activity on Telegram. On August 26, the Paris prosecutor’s office released a statement detailing 12 alleged criminal violations, including complicity in illicit transactions allowed to be hosted on the messaging platform. After four days of questioning, Durov was released from police custody on August 28 and transferred to court, where he was charged by prosecutors for enabling criminal activity on the app. Telegram, which has 950 million users worldwide, differs from mainstream messaging apps in its particularly relaxed content moderation policies. Full article here.
On Monday, August 12, the Federal Bureau of Investigation (FBI) announced that it had seized websites associated with the Dispossessor ransomware operation, also known as Radar. The investigation was carried out by the FBI in conjunction with the U.K.’s National Crime Agency (NCA), the Bamberg Public Prosecutor’s Office, the Bavarian State Criminal Police Office (BLKA), and the U.S. Attorney’s Office for the Northern District of Ohio. As detailed in the FBI’s press release, the joint takedown successfully disrupted three U.S. servers, three U.K. servers, 18 German servers, eight U.S.-based criminal domains, and one German-based domain. Full article.
In a recent advisory, South Korea’s National Cyber Security Center (NCSC) warned that state-backed North Korean hacker groups Kimsuky (APT43) and Andariel (APT45)—previously linked to the Lazarus Group—have carried out campaigns against South Korean entities, notably in the construction sector. The hackers most recently exploited a VPN software update to spread malware. The NCSC attributes the campaigns to North Korea’s Reconnaissance General Bureau and believes the recent hacking activities have been carried out in support of Kim Jong-un’s “Regional Development 20×10 Policy,” an initiative aiming to modernize industrial factories over the next ten years. Read more.
According to Cisco Talos, an undisclosed government-affiliated Taiwanese research institute was the target of a cyber attack carried out as early as July 2023. The cyber attack has been attributed with medium confidence to the China-based hacking group APT41 (also known as Double Dragon, BARIUM, Axiom, Winnti, Wicked Panda, Wicked Spider, TG-2633, Bronze Atlas, Red Kelpie, Blackfly, and Brass Typhoon). The campaign utilized Cobalt Strike and ShadowPad malware. Read article.
On August 28, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) released a joint Cybersecurity Advisory warning of ransomware attacks carried out by Iran-based threat actors against U.S. organizations. Targeted sectors have included healthcare, defense, and education. According to the FBI’s assessment, it is believed that a “significant percentage” of these operations are intended to “obtain and develop network access to then collaborate with ransomware affiliate actors to deploy ransomware.” As noted by BleepingComputer, the Iran-based hacking group “Pioneer Kitten”—which is believed to be tied to the Iranian government—has breached U.S. organizations and is “working with affiliates of several ransomware operations to extort the victims.” Read more.