Threat Intelligence RoundUp: December

January 02, 2024

Our analyst team shares a few articles each week in our email newsletter which goes every Thursday. Make sure to register! This blog highlights those articles in order of what was the most popular in our newsletter – what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.

1. Russia’s AI-Powered Disinformation Operation Targeting Ukraine, U.S., and Germany – The Hacker News

Ukraine, Germany, and the United States are heavily targeted in Russia’s “Operation Doppelganger” – a new wave of fake news stories distributing falsehoods via news sites and social media accounts controlled by the actors involved. The companies involved are Structura National Technologies and Social Design Agency. The world is well aware of continued dis- and misinformation efforts by Russia. As the war in Ukraine continues, and the US 2024 election approaches, these efforts are expected to grow and continue. Read full article.

2. FBI disrupts Blackcat ransomware operation, creates decryption tool – BleepingComputer

After weeks of speculation that downtime on the leak site for Ransomware group Blackcat/ALPHV was due to law enforcement action, the site has officially been seized. The DOJ announced that the FBI had successfully breached the ALPHV ransomware operation’s servers to monitor their activities and decryption keys. The site had been suffering issues since Dec 7, which the group had attributed to technical issues despite reports of Law Enforcement action. However, a new message soon appeared on the site, claiming that the site had been unseized and providing a new onion address for the leak site.

The message is translated as follows:

BEGINS

As you all know the FBI got the keys to our blog, now we’ll tell you how it was.

First of all, as everything happened, having studied their documents, we understand that they received access to one of the DC, because all the other CCs were not touched, it turns out that they somehow hacked one of our hosters, maybe even he helped them.

The maximum they have these keys in the last month and a half, it’s about 400 companies, but now they’re more than 3,000 companies will never get their keys.

Because of their actions, we introduce new rules, or rather remove ALL rules, except one, you cannot touch the CIS, you can now block hospitals, nuclear power plants, anything and anywhere.

Reight is now 90% for all the adverts.

We do not issue any discounts to companies, payment strictly the amount that we indicated.

VIP adverts receive their private affiliate program, which we raise only for them, at a separate center, full, isolated from each other.

Thank you for your experience, we will take into account our mistakes and will work even tighter, waiting for your dive in chats and requests to make discounts that are no longer available.

ENDS

The site is currently showing as seized again. Read article.

3. Major Cyber Attack Paralyzes Kyivstar – Ukraine’s Largest Telecom Operator – The Hacker News

Kyivstar suffered a cyberattack that took most internet and phone services completely offline on December 12, 2023. The incident also impacted the air-raid alert system as well as some financial sector operations. Initial reports detail that 25 million mobile users and over 1 million home internet users were affected. Kyivstar issued a public statement that it would compensate these users who didn’t have service for the outage. Kyivstar indicated that this incident occurred as a result of the Ukraine-Russia war but didn’t provide evidence for this claim. Read full article.

4. Russian Hacker Vladimir Dunaev Pleads Guilty for Creating TrickBot Malware – The Hacker News

Russian national Vladimir Dunaev was arrested in 2021 and extradited to the United States in the same year. He recently (November 30, 2023) pled guilty to developing the Trickbot malware, which was a banking trojan turned initial access tool for ransomware attacks. Dunaev is the second actor to be arrested for his role in Trickbot, and will be sentenced in 2024; the first was a Latvian national who was sentenced in June of 2023. Article here.

5. German police takes down Kingdom Market cybercrime marketplace – BleepingComputer

German law enforcement announced the seizure of Kingdom market a darkweb marketplace known to sell drugs, hacking tools and counterfeit documents. One of the administrators of the site was reported to have been arrested in the US. A seizure notification was posted on their onion site. The site has operated since March 2021 and was one of the most well-known dark marketplaces. It was announced that investigations were ongoing to identify the people who operated the site aided by the seizure of their infrastructure. Other marketplaces have taken this opportunity to invite sellers to their sites to continue their operations via Dread. Read article.

6. Kelvin Security hacking group leader arrested in Spain – BleepingComputer

Kelvin Security group is a prolific hacking group who are quite active on BreachForums and RaidForums, selling stolen data for profit. Spanish law enforcement revealed they arrested a Venezuelan national who is a possible leader of the group on December 07, 2023. This actor was heavily involved in the group’s financial activities, such as moving money through various cryptocurrency exchanges to make tracing funds more difficult for authorities. Read full article here.

7. Navy contractor Austal USA confirms cyberattack after data leak – BleepingComputer

Australia-based Austal USA, a shipbuilding company, revealed it was the victim of a cyberattack as of December 6, 2023. Austal USA itself is a subsidiary of Austal and has contracts and multiple programs working with the US Navy. Ransomware gang Hunters International group claimed responsibility for the incident. Read article.

8. BidenCash dark web market gives 1.9 million credit cards for free – BleepingComputer

The Darkweb marketplace BidenCash has reportedly released 1.9million credit cards for free. This is the third time that they have made such a release although the validity of the cards is not confirmed. BidenCash launched in early 2022 as a new marketplace on both the dark web and the clearnet, selling credit and debit cards that were stolen through phishing or skimmers on e-commerce sites. Article here.


Make sure to register for our weekly newsletter to get access to what our analysts are reading on a weekly basis.

See why DarkOwl is the Leader in Darknet Data

Copyright © 2024 DarkOwl, LLC All rights reserved.
Privacy Policy
DarkOwl is a Denver-based company that provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data. We shorten the timeframe to detection of compromised data on the darknet, empowering organizations to swiftly detect security gaps and mitigate damage prior to misuse of their data.