Our analyst team shares a few articles each week in our email newsletter, which goes out every Thursday. Make sure to register! This blog highlights those articles in order of popularity in our newsletter – what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.
Between September 2 and October 31, 2024, an INTERPOL-led operation dubbed Serengeti resulted in the arrest of 1,006 suspects and the takedown of 134,089 malicious infrastructures and networks in 19 African countries. The joint INTERPOL and AFRIPOL operation specifically targeted criminals behind “ransomware, business email compromise (BEC), digital extortion and online scams.” Read full article.
In a December 12 press release, the U.S. Department of Justice (DOJ) announced the seizure of Rydox, an illicit online marketplace known for selling “stolen personal information, access devices, and other tools for carrying out cybercrime and fraud.” The press release also revealed the arrest of three Kosovo nationals for serving as Rydox’s administrators. Two of the administrators were arrested in Kosovo while the third was arrested in Albania. Article here.
An INTERPOL-led operation dubbed Operation HAECHI V has resulted in the arrest of over “5,500 financial crime suspects and the seizure of more than USD 400 million in virtual assets and government-backed currencies.” Law enforcement from 40 countries participated in the five-month operation, which began in July 2024. As highlighted in an INTERPOL press release, the initiative specifically targeted seven types of frauds: “voice phishing, romance scams, online sextortion, investment fraud, illegal online gambling, business email compromise fraud and e-commerce fraud.” Read more.
In a November 22 report, Microsoft Threat Intelligence analysts revealed that the North Korean threat actor Sapphire Sleet stole over $10 million worth of cryptocurrency over six months. According to the report, Sapphire Sleet—also tracked as APT38, BlueNoroff, CageyChameleon, and CryptoCore—has engaged in cryptocurrency theft and “computer network exploitation activities since at least 2020.” Read here.
In a December 10 press release, the U.S. Department of the Treasury (USDT) announced its sanctioning of the Chinese cybersecurity firm Sichuan Silence Information Technology Company for its role in the targeting of firewalls worldwide in April 2020. Companies targeted in the series of ransomware attacks also included U.S. critical infrastructure companies. The U.S. Department of Justice (DOJ) has also charged a Sichuan Silence employee—Guan Tianfeng—for his involvement in the same hacking campaign. Learn more.
On December 4, Romania’s top security council declassified reports from its intelligence agencies which revealed an extensive influence operation carried out by Russia against the Romanian presidential election. According to the agencies’ findings, Romania’s election infrastructure was the target of over 85,000 cyber attacks. Furthermore, in the weeks leading up to the first round of the presidential election, intelligence agencies identified 25,000 TikTok accounts supporting Călin Georgescu, a far-right candidate who has “vowed to end all Romanian aid to neighboring Ukraine.” Read full article.
A November 26 report from Recorded Future’s Insikt Group revealed an additional influence operation carried out by a Russia-based entity in an effort to influence public opinion regarding the ongoing Russia-Ukraine war. The campaign—dubbed “Operation Undercut”—was executed by the Social Design Agency (SDA), which the United States sanctioned in March 2024 for “providing services to the government of Russia in connection with a foreign influence campaign.” Operation Undercut has been observed targeting audiences in the United States, Ukraine, and Europe. Read full article.
In a December 16 Private Industry Notification (PIN), the Federal Bureau of Investigation (FBI) warned of HiatusRAT actors targeting Chinese-branded web cameras and DVRs. HiatusRAT—a Remote Access Trojan (RAT) used by threat actors to remotely gain control of a device—has focused on targeting devices waiting for security patches. This malicious activity was observed in March 2024, when the threat actors carried out a scanning campaign targeting Internet of Things (IoT) devices in several countries, including the U.S. Learn more.