Analysis, Groups and Mining - Information Management Today

Pacha Group declares war to rival crypto mining hacking groups

Security Affairs

MAY 12, 2019

Two hacking groups associated with large-scale crypto mining campaigns, Pacha Group and Rocke Group , wage war to compromise as much as possible cloud-based infrastructure. org is in this blacklist and it is known that Rocke Group has used this domain for their crypto-mining operations. .

Mining

Mining Cloud Security IT

Conti Ransomware Group Diaries, Part IV: Cryptocrime

Krebs on Security

MARCH 7, 2022

Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. penned a two-part analysis on why smart contracts will make ransomware more profitable. We start ddosing. Crypto falls in price. We buy at a low price.

Ransomware

Ransomware Mining Blockchain Sales

CrowdStrike discovered the first-ever Dero cryptocurrency mining campaign

Security Affairs

MARCH 15, 2023

CrowdStrike researchers discovered the first-ever cryptocurrency mining campaign aimed at Dero mining since February 2023. ” reads the analysis published by Crowdstrike. The mining efforts by the pods are contributed back to a community pool, which distributes the reward (i.e., ” continues the report.

Mining

Mining Privacy IT Access

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Security Affairs

AUGUST 11, 2018

Group-IB is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations. According to Group-IB’s Threat Intelligence , over a year, the number of shadow-forum ads offering mining software has increased fivefold (H1 2018 vs H1 2017).

Mining

Mining Marketing IoT Compliance

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

MAY 3, 2024

The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and cybercriminals organizations. Trend Micro researchers reported that the EdgeRouter botnet , called Moobot , used by the APT28 group is still active and is also used by cyber criminal organizations. ” reported Trend Micro. ” reported Trend Micro.

Healthcare

Healthcare Phishing e-Discovery Mining

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Security Affairs

NOVEMBER 9, 2021

The analysis of the scripts executed in the attacks and the tools used to deliver the miners allowed the researchers to link the campaign to TeamTNT. ” reads the analysis published by Trend Micro. . ” reads the analysis published by Trend Micro. ” continues the analysis. ” concludes the report.

Mining

Mining Security IT Information Security

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. Pierluigi Paganini.

IT

IT Libraries Mining Security

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. Mining process.”

Mining

Mining Passwords Access Security

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Security Affairs

MAY 26, 2021

Researchers from Trend Micro reported that about 50,000 IPs were compromised across multiple Kubernetes clusters in a cryptojacking campaign conducted by TeamTNT group. ” reads the analysis published by Trend Micro. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. aws/credentials and ~/.aws/config

Mining

Mining Cloud Security Access

Ransomware, Trojan and Miner together against “PIK-Group”

Security Affairs

FEBRUARY 28, 2019

Security expert Marco Ramilli analyzed a new piece of malware apparently designed to target PIK-Group that implements ransomware , Trojan, and Miner capabilities. which according to google translate would be: “PIK Group of Companies order details”. According to zcashnetwork the attacker’s wallet received from mining activity 4.89

Ransomware

Ransomware Mining File names Encryption

Lemon_Duck cryptomining botnet targets Docker servers

Security Affairs

APRIL 22, 2022

The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. Crowdstrikes researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. ” reads the analysis published by CrowdStrikes. Kills known network connections.

Mining

Mining Cloud Access Cybersecurity

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Security Affairs

SEPTEMBER 9, 2021

The financially motivated TeamTNT hacking group expanded its arsenal with new tools used to target thousands of victims worldwide. Researchers from AT&T Alien Labs uncovered a new campaign, tracked as Chimaera, conducted by the TeamTNT group , aimed at organizations worldwide. ” reads the analysis published by AT&T.

Mining

Mining IT Cloud Security

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Security Affairs

JULY 24, 2018

” The Trend Micro researchers’ analysis shows a fairly typical command & control (C&C) malware infection process with many similarities to the Satori variant of the Mirai botnet. Analysis of the code indicates that it could be used as a distributed denial of service (DDoS) platform if enough devices are compromised.

Mining

Mining IoT Blockchain Risk

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 21, 2024

million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8

Security

Security e-Discovery Artificial Intelligence Ransomware

8220 Gang used new ScrubCrypt crypter in recent cryptojacking attacks

Security Affairs

MARCH 9, 2023

Fortinet researchers observed the mining group 8220 Gang using a new crypter called ScrubCrypt in cryptojacking attacks. ” reads the analysis published by Fortinet. ” The group is known for exploiting publicly disclosed vulnerabilities to compromise targets. 210 and 185[.]17[.]0[.]19

Mining

Mining Encryption Sales Security

Russian Infostealer Gangs Steal 50 Million Passwords

eSecurity Planet

NOVEMBER 29, 2022

Group-IB cybersecurity researchers recently identified several Russian-speaking cybercrime groups offering infostealing malware-as-a-service (MaaS), resulting in the theft of more than 50 million passwords thus far. Eight of the groups use Raccoon malware, 23 use Redline, and three use custom stealers. Gaming Becomes a Target.

Passwords

Passwords Phishing Mining Marketing

StripedFly, a complex malware that infected one million devices without being noticed

Security Affairs

OCTOBER 30, 2023

Further analysis revealed that the malware has been used since at least 2017. ” reads the analysis published by Kaspersky. Researchers from Kaspersky discovered a sophisticated malware, dubbed StripedFly, that remained under the radar for five years masquerading as a cryptocurrency miner. “What was the real purpose?

Ransomware

Ransomware Mining Communications IT

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

The Rocke group is using a new piece of cryptojacking malware dubbed Pro-Ocean to target Apache ActiveMQ, Oracle WebLogic, and Redis installs. The cybercrime group Rocke is using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable Apache ActiveMQ, Oracle WebLogic, and Redis intalls. ” concludes the report.

Cloud

Cloud Libraries Mining IT

How to unlock a scientific approach to change management with powerful data insights

IBM Big Data Hub

JANUARY 10, 2023

Grasping these opportunities at IBM, we’re increasingly building our specialism in process mining and data analysis tools and techniques we believe to be true ‘game changers’ when it comes to building cultures of continuous change and innovation.

Mining

Mining Analytics Digital transformation Data science

Note to Self: Create Non-Exhaustive List of Competitors

Krebs on Security

APRIL 20, 2021

Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. As the largest organization dedicated to the analysis of software, Gartner’s network of analysts are well connected to the technology and software industries. What was the best news you heard so far this month? But why should they?

Marketing

Marketing Mining Cloud Cybersecurity

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST. ” continues the report.

Mining

Mining Passwords Communications IT

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Security Affairs

APRIL 1, 2020

Cybersecurity researchers spotted a crypto-mining botnet, tracked as Vollgar, that has been hijacking MSSQL servers since at least 2018. Researchers at Guardicore Labs discovered a crypto-mining botnet , tracked as Vollgar botnet , that is targeting MSSQL databases since 2018. ” reads the analysis published by Guardicore.

Mining

Mining Passwords Education Cybersecurity

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Security Affairs

DECEMBER 2, 2020

Evasion and Persistence: The botnet achieves persistence in multiple ways; kills running processes, potentially competing for mining tools and eliminates EDR. Excellent analysis of the previous version by AWAKE’s Patrick Olsen: [link]. They are grouped in 2 groups. What’s new in this version of the botnet?

Mining

Mining IoT Cloud IT

North Korea-linked APT37 targets journalists with GOLDBACKDOOR

Security Affairs

APRIL 26, 2022

North Korea-linked APT37 group is targeting journalists that focus on DPRK with a new piece of malware. North Korea-linked APT37 group (aka Ricochet Chollima) has been spotted targeting journalists focusing on DPRK with a new piece of malware. ” reads the analysis published by Stairwell. ” continues the analysis.

Archiving

Archiving Phishing Mining Cybersecurity

Iran-linked threat actors compromise US Federal Network

Security Affairs

NOVEMBER 16, 2022

According to a joint advisory published by the FBI and CISA, an Iran-linked APT group compromised a Federal Civilian Executive Branch (FCEB) organization using an exploit for the Log4Shell flaw ( CVE-2021-44228 ) and deployed a cryptomining malware. ” reads the Malware Analysis Report (AR22-320A) published by CISA.

Mining

Mining Government Cybersecurity Libraries

Roaming Mantis SMSishing campaign now targets Europe

Security Affairs

FEBRUARY 8, 2022

” reads the analysis published by Kaspersky. The analysis of Wroba.g/Wroba.o Since then, the criminal group has continued its attack activities by using various malware families such as HEUR:Trojan-Dropper.AndroidOS.Wroba, and various attack methods such as phishing, mining, smishing and DNS poisoning.

Phishing

Phishing Mining IT Security

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Cybersecurity Authentication

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The group has been observed using new tactics, techniques, and procedures (TTPs), it is also using updated malware to evade detection. In March, the group was using a dropper dubbed LSD that was controlled via Pastebin, but since this summer the threat actors have changed Command and Control (C2) infrastructure using a self-hosted solution.

Mining

Mining Cloud Security Access

Accelerating your transition from traditional BI to advanced analytics with data intelligence

Collibra

MARCH 12, 2024

The term “advanced analytics” gained widespread recognition in the fields of data analysis and business intelligence (BI) during the early 2000s. This enables business users to make better-informed decisions based on more sophisticated analysis that goes beyond purely historical data reporting. What is advanced analytics?

Analytics

Analytics Mining Metadata Big data

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Security Affairs

SEPTEMBER 19, 2022

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August 2020 experts from Cado Security discovered that botnet is also able to target misconfigured Kubernetes installations.

Encryption

Encryption Honeypots Mining Communications

FRANCE: CNIL publishes initial analysis on Blockchain and GDPR

DLA Piper Privacy Matters

OCTOBER 15, 2018

Designating one participant to make decisions for the group and act as data controller. Although this is a preliminary analysis of the CNIL, it is certainly interesting to know its position on this topic, and to see that its approach is rather pragmatic and takes into account the constraints imposed by the Blockchain technology.

Blockchain

Blockchain GDPR Personal data Encryption

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

SEPTEMBER 17, 2018

.” reads the analysis published by Palo Alto Networks. ” The malicious code was attributed to a popular crime gang tracked as the Iron Group. Hackers attempt to monetize their efforts through coin-mining activities on Windows systems or with ransomware based attacks on Linux servers running database services.

Ransomware

Ransomware Mining Passwords Security

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

Earlier this year Sysdig and Aqua Security researchers started observing cyber attacks targeting Kubernets and Docker instances aimed at mining Monero cryptocurrency. Miscreants can abuse Docker Engine API to deploy containers they have created with the specific intent of mining cryptocurrencies.

Mining

Mining Systems administration Encryption Authentication

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

The Last Watchdog

JUNE 30, 2021

In many cases, this code is designed to avoid detection and the attacker can now deface your website, inject inappropriate ads or even mine for bitcoin. By injecting their own JS to Inbenta’s servers which then got loaded on to the ticketing website, the Magecart group of attackers were able to steal over 60K credit card numbers.

IT

IT Risk Mining Analytics

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Security Affairs

APRIL 26, 2019

” reads the analysis published Symantec. The DOUBLEPULSAR and ETERNALBLUE are now available for anyone after the archive of NSA tools was leaked online by ShadowBrokers hacker group. ” continues the analysis. “ Beapy ( W32.Beapy Beapy ) is a file-based coinminer that uses email as an initial infection vector.”

Mining

Mining Archiving Phishing Passwords

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

APRIL 28, 2020

The Outlaw Hacking Group is back, malware researchers from Cybaze-Yoroi ZLab have uncovered a new botnet that is targeting European organizations. The Linux malware is the well-known “ Shellbot ”, it is a crimetool belonging to the arsenal of a threat actor tracked as the “Outlaw Hacking Group. ”. Technical Analysis.

Mining

Mining File names Honeypots IT

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

Tips on collecting data for social network analysis (SNA)

ChiefTech

NOVEMBER 2, 2008

As a healthy but slight change from recent topics , I was going through some old notes and thought it might be worthwhile sharing some tips with you about collecting data for Social Network Analysis (SNA). Just as brief overview, Social Network Analysis (SNA) is a tool that provides a technique for analysing informal networks.

Mining

Mining Data collection Communications Privacy

Supply Chain Flaws Found in Python Package Repository

eSecurity Planet

AUGUST 3, 2021

Most recently, the PyPI group sent out fixes for three vulnerabilities that were discovered by security researcher RyotaK and published on his blog. In June, researchers with Sonatype, a supply chain security provider, found six malicious typosquatting packages in the repository that included crypto-mining malware.

Mining

Mining Security Archiving IT

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

Group-IB, a Singapore-based cybersecurity company: ransomware accounted for over half of all malicious mailings in H1 2019 , detected and analyzed by Group-IB’s Computer Emergency Response Team (CERT-GIB), with Troldesh aka Shade being the most popular tool among cybercriminals. Group-IB is a member of the World Economic Forum.

Ransomware

Ransomware Archiving Passwords Encryption

2023 Archive-It Partner Meeting Recap

Archive-It

AUGUST 10, 2023

Also on video, Emily Collier then spoke more to the technical challenges of preserving the social media content these student groups produce and the workarounds the UK team has adopted. Karl Blumenthal demonstrates Voyant for text mining analysis on ARCH datasets.

Archiving

Archiving IT Metadata Libraries

Kaspersky speculates the involvement of ShadowPad attackers in Operation ShadowHammer

Security Affairs

APRIL 23, 2019

” reads the analysis published by Kaspersky. ” continues the analysis. The investigators also found a connection between the ASUS attack to the ShadowPad backdoor that was first detected in 2017 and that was attributed to the Axiom group (also known as APT17 or DeputyDog ). ” Kaspersky concludes. .

Mining

Mining Encryption IT Government

Security Affairs newsletter Round 175 – News of the week

Security Affairs

AUGUST 12, 2018

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. Security Affairs – Newsletter ). The post Security Affairs newsletter Round 175 – News of the week appeared first on Security Affairs.

Security

Security MDM Mining Marketing

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

IT Governance

JANUARY 9, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The group has allegedly exfiltrated more than 10 million files. Welcome to this week’s round-up of the biggest and most interesting news stories. Data breached: 41,500,000 records.

Data Privacy

Data Privacy Privacy Manufacturing Data breaches

Pacha Group declares war to rival crypto mining hacking groups

Conti Ransomware Group Diaries, Part IV: Cryptocrime

Webinars

Trending Sources

CrowdStrike discovered the first-ever Dero cryptocurrency mining campaign

Webinars

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Russia-linked APT28 and crooks are still using the Moobot botnet

TeamTNT group targets poorly configured Docker servers exposing REST APIs

TeamTNT group adds new detection evasion tool to its Linux miner

New MrbMiner malware infected thousands of MSSQL DBs

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Ransomware, Trojan and Miner together against “PIK-Group”

Lemon_Duck cryptomining botnet targets Docker servers

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

8220 Gang used new ScrubCrypt crypter in recent cryptojacking attacks

Russian Infostealer Gangs Steal 50 Million Passwords

StripedFly, a complex malware that infected one million devices without being noticed

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

How to unlock a scientific approach to change management with powerful data insights

Note to Self: Create Non-Exhaustive List of Competitors

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

North Korea-linked APT37 targets journalists with GOLDBACKDOOR

Iran-linked threat actors compromise US Federal Network

Roaming Mantis SMSishing campaign now targets Europe

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Chinese-speaking cybercrime gang Rocke changes tactics

Accelerating your transition from traditional BI to advanced analytics with data intelligence

TeamTNT is back and targets servers to run Bitcoin encryption solvers

FRANCE: CNIL publishes initial analysis on Blockchain and GDPR

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Crooks continue to abuse exposed Docker APIs for Cryptojacking

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Tips on collecting data for social network analysis (SNA)

Supply Chain Flaws Found in Python Package Repository

Ransomware Revival: Troldesh becomes a leader by the number of attacks

2023 Archive-It Partner Meeting Recap

Kaspersky speculates the involvement of ShadowPad attackers in Operation ShadowHammer

Security Affairs newsletter Round 175 – News of the week

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

Stay Connected