Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Russia sentences Hydra dark web market leader to life in prison
Source: BLEEPING COMPUTER
Russian authorities have sentenced the leader of the criminal group behind the now-closed dark web platform Hydra Market to life in prison. Additionally, more than a dozen accomplices have been convicted for their involvement in the production and sale of nearly a ton of drugs. Read more.
Threat Assessment: Howling Scorpius (Akira Ransomware)
Source: Unit 42
Akira is a RaaS group we track as Howling Scorpius. This group employs a double extortion strategy, exfiltrating critical data from a network before executing its encryption process. This double extortion tactic allows the group to leak stolen data even if victims recover their systems without paying, maximizing the pressure to comply. Read more.
North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks
Source: The Hacker News
The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft. Read more.
Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT
Source: SECURELIST
According to our telemetry, the campaign began around March 2023 and hit more than a thousand private users, retailers and service businesses located primarily in Russia. We dubbed this campaign Horns&Hooves, after a fictitious organization set up by swindlers in the Soviet comedy novel The Golden Calf. Read more.
Guess Who’s Back – The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024
Source: TREND MICRO
The spear-phishing emails used in this campaign were sent either from free email accounts or from compromised accounts. The emails contained a URL link to OneDrive, along with a message in Japanese encouraging the recipient to download a ZIP file. Read more.
Hearts Stolen, Wallets Emptied: Insights into CryptoLove Traffer’s Team
Source: TRAC Labs
CryptoLove is a traffer's group that has specialized in crypto scams for over two years, recruiting workers to spread stealers through custom launchers and loaders that can track every stage of payload delivery. Read more.
Ransom gang claims attack on NHS Alder Hey Children’s Hospital
Source: The Register
INC Ransom, the group that claimed responsibility for an attack on NHS Scotland in June this year, now claims to have stolen data from Liverpool’s Alder Hey Children’s Hospital and Liverpool Heart and Chest Hospital NHS Foundation Trust. Read more.
Gaming Engines: An Undetected Playground for Malware Loaders
Source: CHECK POINT
The malicious GodLoader is distributed by the Stargazers Ghost Network, a GitHub network that distributes malware as a service. Throughout September and October, approximately 200 repositories and over 225 Stargazers were used to legitimize the repositories distributing the malware. Read more.
Police bust pirate streaming service making €250 million per month
Source: BLEEPING COMPUTER
Italy’s Postal and Cybersecurity Police Service announced the action, codenamed “Taken Down,” stating they worked with Eurojust, Europol, and many other European countries, making this the largest takedown of its kind in Italy and internationally. Read more.
Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)
Source: Trustwave
We have associated this campaign with a phishing kit called Rockstar 2FA, which is an updated version of the DadSec/Phoenix phishing kit. Microsoft tracks the threat actor behind this as Storm-1575, where ‘Storm-####’ is a temporary label for emerging or unidentified threat clusters. Read more.