Threat Intelligence RoundUp: October

November 04, 2024

Our analyst team shares a few articles each week in our email newsletter, which goes out every Thursday. Make sure to register! This blog highlights those articles in order of how popular they were in our newsletter, that is, what our readers found most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.

1. Discord blocked in Russia and Turkey for spreading illegal content – Bleeping Computer

On October 8, Russian state-owned news agency TASS reported that Russia’s communications regulator blocked Discord “for violating Russian law.” A day later, on October 9, Turkish authorities announced that they too had blocked the instant messaging app. Turkey cited “crimes of ‘child sexual abuse and obscenity’” as the reason for its decision. Many Discord users have since protested the blocks online, as they were imposed suddenly and without warning. Full article here.

2. U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown – The Hacker News

In an October 3 press release, the U.S. Department of Justice (DOJ) announced the seizure of 41 internet domains that had been used by Russian intelligence agents for computer fraud in the U.S. The DOJ’s seizure was coordinated with Microsoft, which seized 66 additional domains used by the same threat actors. According to the DOJ’s press release, the domains were used in a phishing campaign run by the Russian government to steal American citizens’ sensitive information. Read more.

3. Police arrest four suspects linked to LockBit ransomware gang – Bleeping Computer

In a recent press release, Europol announced the arrest of four individuals linked to the ransomware gang LockBit. The first arrest was of a LockBit ransomware developer and occurred in August 2024. Two more individuals were subsequently arrested by British authorities that same month. A fourth suspect—believed to be the administrator of a bulletproof hosting service used by LockBit—was arrested in Madrid by Spain’s Guardia Civil. In addition to the four arrests, the United States, United Kingdom, and Australia also announced sanctions against an actor the UK’s National Crime Agency identified as a “prolific affiliate of LockBit and strongly linked to Evil Corp,” the Russian cyber-crime gang. The UK sanctioned 15 additional Russian citizens for ties to Evil Corp, the US sanctioned six, and Australia sanctioned two. Article here.

4. U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes – The Hacker News

In a September 27 press release, the DOJ announced the indictment of three Iranian nationals allegedly employed by the Islamic Revolutionary Guard Corps (IRGC) for attempting to undermine the U.S. electoral process. The individuals are being charged for hacking into the accounts of “current and former U.S. officials, members of the media, nongovernmental organizations, and individuals associated with U.S. political campaigns,” as part of Iran’s continued efforts to sow discord and influence U.S. elections. Read article.

5. New FASTCash malware Linux variant helps steal money from ATMs – Bleeping Computer

Cybersecurity researcher HaxRob has discovered a new Linux variant of the FASTCash malware being used by North Korean hackers. The malware infects payment switch systems and performs “unauthorized withdrawal[s] of cash from ATMs.” The new Linux variant is reportedly similar to the previous Windows and AIX variants of FASTCash. Full article here.

6. China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration – The Hacker News

Researchers at the cybersecurity firm ESET have identified a new China-aligned threat actor dubbed CeranaKeeper. The threat actor has been observed targeting governmental entities, predominantly in Southeast Asia, since early 2022. Targets have included government entities in Thailand, Myanmar, the Philippines, Japan, and Taiwan. Most notably, starting in 2023, CeranaKeeper has focused specifically on government entities in Thailand. This targeting is consistent with that previously observed from Chinese state-sponsored threat actors. Full article.

7. US disrupts Anonymous Sudan DDoS operation, indicts 2 Sudanese brothers – Bleeping Computer

In an October 16 press release, the U.S. Department of Justice (DOJ) announced the indictment of two Sudanese nationals for their alleged role in cyberattacks carried out by the hacktivist group Anonymous Sudan. The group, which emerged in 2023, has conducted “over 35,000 DDoS attacks in a year” targeting a variety of sectors, including “critical infrastructure, corporate networks, and government agencies in the United States and around the world.” Read more.

8. Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation – The Hacker News

In an October 8 press release, Dutch police announced the arrest of three administrators of “Bohemia/Cannabia,” a notorious dark web market. The international law enforcement operation, which was carried out with the U.K., U.S., and Ireland, resulted in the dismantling of the dual marketplace, which was one of the world’s largest and longest running platforms “for the trade of illegal goods, drugs, and cybercrime services.” In total, the joint law enforcement operation seized over 8 million euros in cryptocurrency from the arrested platform administrators. Read article.

Cybersecurity researchers from NSFOCUS have discovered a new botnet malware family dubbed “Gorilla Botnet.” According to the cybersecurity firm’s report, between September 4 and September 27, the botnet issued “over 300,000 attack commands, with a shocking attack density.” The botnet has targeted a variety of sectors, including education, government, finance, and communications. Over 100 countries have been impacted, “with China and the U.S. being the hardest hit.” Read more.

Make sure to register for our weekly newsletter to get access to what our analysts are reading on a weekly basis.


Copyright © 2024 DarkOwl, LLC All rights reserved.