Our analyst team shares a few articles each week in our email newsletter, which goes out every Thursday. Make sure to register! This blog highlights those articles in order of what was most popular in our newsletter – what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.
Ukraine, Germany, and the United States are heavily targeted in Russia’s “Operation Doppelganger” – a new wave of fake news stories distributing falsehoods via news sites and social media accounts controlled by the actors involved. The companies involved are Structura National Technologies and Social Design Agency. The world is well aware of continued dis- and misinformation efforts by Russia. As the war in Ukraine continues, and the US 2024 election approaches, these efforts are expected to grow and continue. Read full article.
After weeks of speculation that downtime on the leak site for the ransomware group BlackCat/ALPHV was due to law enforcement action, the site has officially been seized. The DOJ announced that the FBI had successfully breached the ALPHV ransomware operation’s servers to monitor their activities and obtain decryption keys. The site had been suffering issues since Dec 7, which the group had attributed to technical problems despite reports of law enforcement action. However, a new message soon appeared on the site, claiming that the site had been unseized and providing a new onion address for the leak site.
The message is translated as follows:
BEGINS
As you all know the FBI got the keys to our blog, now we’ll tell you how it was.
First of all, as everything happened, having studied their documents, we understand that they received access to one of the DC, because all the other CCs were not touched, it turns out that they somehow hacked one of our hosters, maybe even he helped them.
The maximum they have these keys in the last month and a half, it’s about 400 companies, but now they’re more than 3,000 companies will never get their keys.
Because of their actions, we introduce new rules, or rather remove ALL rules, except one, you cannot touch the CIS, you can now block hospitals, nuclear power plants, anything and anywhere.
Rate is now 90% for all the adverts.
We do not issue any discounts to companies, payment strictly the amount that we indicated.
VIP adverts receive their private affiliate program, which we raise only for them, at a separate center, full, isolated from each other.
Thank you for your experience, we will take into account our mistakes and will work even tighter, waiting for your dive in chats and requests to make discounts that are no longer available.
ENDS
The site is currently showing as seized again. Read article.
Kyivstar suffered a cyberattack that took most internet and phone services completely offline on December 12, 2023. The incident also impacted the air-raid alert system as well as some financial sector operations. Initial reports detail that 25 million mobile users and over 1 million home internet users were affected. Kyivstar issued a public statement that it would compensate these users who didn’t have service for the outage. Kyivstar indicated that this incident occurred as a result of the Ukraine-Russia war but didn’t provide evidence for this claim. Read full article.
Russian national Vladimir Dunaev was arrested in 2021 and extradited to the United States in the same year. He recently (November 30, 2023) pled guilty to developing the Trickbot malware, which was a banking trojan turned initial access tool for ransomware attacks. Dunaev is the second actor to be arrested for his role in Trickbot, and will be sentenced in 2024; the first was a Latvian national who was sentenced in June of 2023. Article here.
German law enforcement announced the seizure of Kingdom Market, a dark web marketplace known to sell drugs, hacking tools and counterfeit documents. One of the administrators of the site was reported to have been arrested in the US. A seizure notification was posted on their onion site. The site had operated since March 2021 and was one of the most well-known dark marketplaces. It was announced that investigations were ongoing to identify the people who operated the site, aided by the seizure of their infrastructure. Other marketplaces have taken this opportunity to invite sellers to their sites to continue their operations via Dread. Read article.
Kelvin Security is a prolific hacking group that is quite active on BreachForums and RaidForums, selling stolen data for profit. Spanish law enforcement revealed that on December 07, 2023 they arrested a Venezuelan national who is a possible leader of the group. This actor was heavily involved in the group’s financial activities, such as moving money through various cryptocurrency exchanges to make tracing funds more difficult for authorities. Read full article here.
Australia-based Austal USA, a shipbuilding company, revealed it was the victim of a cyberattack as of December 6, 2023. Austal USA itself is a subsidiary of Austal and has contracts and multiple programs working with the US Navy. The ransomware gang Hunters International claimed responsibility for the incident. Read article.
The dark web marketplace BidenCash has reportedly released 1.9 million credit cards for free. This is the third time that they have made such a release, although the validity of the cards is not confirmed. BidenCash launched in early 2022 as a new marketplace on both the dark web and the clearnet, selling credit and debit cards that were stolen through phishing or skimmers on e-commerce sites. Article here.