Blog and Groups - Information Management Today

Ransomware Groups' Data Leak Blogs Lie: Stop Trusting Them

Data Breach Today

MARCH 15, 2024

Don't Let the Quest for Data Lead You to Amplify What Criminals Might Be Claiming For the love of humanity, please stop playing into ransomware groups' hands by treating their data leak blogs as reliable sources of information and then using them to build lists of who's amassed the most victims.

Ransomware

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. Multiple security firms soon assigned the hacking group the nickname “ Scattered Spider.” 9, 2024, U.S. technology companies during the summer of 2022.

Passwords

Passwords Phishing Access Encryption

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. According to a September 20, 2023 joint advisory from the FBI and the U.S. According to a September 20, 2023 joint advisory from the FBI and the U.S.

Ransomware

Ransomware Data breaches Encryption Systems administration

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Ransomware Group Turns to Facebook Ads

Krebs on Security

NOVEMBER 10, 2020

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. On the evening of Monday, Nov. ”

Ransomware

Ransomware IT Security

Ransomware Group Debuts Searchable Victim Data

Krebs on Security

JUNE 14, 2022

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web.

Ransomware

Ransomware Privacy Security IT

Conti Ransomware Group Diaries, Part I: Evasion

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. On Sunday, Feb. 22, 2020, the U.S.

Ransomware

Ransomware Government Security IT

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the bug was still a zero-day. ” reported Google TAG.

Archiving

Archiving Security IT Data breaches

New RA Group ransomware gang is the latest group using leaked Babuk source code

Security Affairs

MAY 15, 2023

A previously unknown ransomware group known as RA Group is targeting companies in U.S. Cisco Talos researchers recently discovered a new ransomware operation called RA Group that has been active since at least April 22, 2023. The group has already compromised three organizations in the U.S. and one in South Korea.

Ransomware

Ransomware Encryption Healthcare Insurance

Unknown APT group is targeting Russian government entities

Security Affairs

MAY 25, 2022

An unknown APT group is targeting Russian government entities since the beginning of the Russian invasion of Ukraine. Experts attributed the attacks, with low confidence, to a China-linked APT group. “Attribution is difficult, and threat actors are known to use indicators from other groups as false flags.

Government

Government Phishing Archiving Cybersecurity

Cybercrime group exploits Windows zero-day in ransomware attacks

Security Affairs

APRIL 11, 2023

The experts pointed out that while the majority of zero-days they have discovered in the past were used by APT groups, this zero-day was exploited by a sophisticated cybercrime group. This group is known to have used similar CLFS driver exploits in the past that were likely developed by the same author.

Ransomware

Ransomware Education Cybersecurity Security

J. Renee Group Steps up seasonal sales

OpenText Information Management

OCTOBER 26, 2023

Renee Group has designed and manufactured bold footwear styles across a range of categories, including comfort, casual dress, dress, and special occasion. Renee Group Steps up seasonal sales appeared first on OpenText Blogs. Renee Group Steps up seasonal sales appeared first on OpenText Blogs.

Sales

Sales Manufacturing Retail Marketing

Manutan Group combines digital services with the human touch to delight customers

OpenText Information Management

JANUARY 31, 2024

At Manutan Group, we equip businesses and communities with the products and services they require to succeed. Headquartered in France, our group has three divisions, serving companies, local authorities, and tradespeople, employing 2,100 people across 26 subsidiaries.

Marketing

Marketing Customer Experience Communications Retail

FIN8 Group spotted delivering the BlackCat Ransomware

Security Affairs

JULY 18, 2023

The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The financially motivated group FIN8 (aka Syssphinx) was spotted using a revamped version of a backdoor tracked as Sardonic to deliver the BlackCat ransomware (aka Noberus ransomware).

Ransomware

Ransomware Sales IT Security

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Security Affairs

DECEMBER 19, 2023

The Federal Bureau of Investigation (FBI) announced the seizure of the Tor leak site of the AlphV/Blackcat ransomware group. The FBI seized the Tor leak site of the AlphV/Blackcat ransomware group and replaced the home page with the announcement of the seizure. the fashion giant Moncler , the Swissport , NCR , and Western Digital.

Ransomware

Ransomware IT Access Manufacturing

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Security Affairs

MAY 29, 2022

Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. “With different levels of superiority, command lines and tasking. Pierluigi Paganini.

Cybersecurity

Cybersecurity Risk Security Government

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG). The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017.

Phishing

Phishing Military Ransomware Education

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Security Affairs

JUNE 6, 2022

(USA) has identified an increase in activity within hacktivist groups conducted by a new group called “Cyber Spetsnaz”. USA) has identified an increase in activity within hacktivist groups, they’re leveraging current geopolitical tensions between the Ukraine and Russia to perform cyber-attacks. Resecurity, Inc.

Government

Government Cybersecurity IoT Security

Money Message ransomware group claims to have hacked IT giant MSI

Security Affairs

APRIL 6, 2023

The ransomware group added the company to the list of victims on its Tor leak site, it claims to have stolen the source code from the company, including a framework to develop bios, and private keys. MSI is headquartered in Taipei, Taiwan.

Ransomware

Ransomware IT Manufacturing Education

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. Google experts are tracking ARCHIPELAGO since 2012 and have observed the group targeting individuals with expertise in North Korea policy issues. ” reads the analysis published by Google TAG.

Phishing

Phishing Passwords Military Education

Iran-linked APT groups started exploiting Papercut flaw

Security Affairs

MAY 9, 2023

Microsoft warns of Iran-linked APT groups that are targeting vulnerable PaperCut MF/NG print management servers. Microsoft warns that Iran-linked APT groups have been observed exploiting the CVE-2023-27350 flaw in attacks against PaperCut MF/NG print management servers. 21.2.11, and 22.0.9 We are in the final!

Cybersecurity

Cybersecurity Authentication Access Security

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

China-linked APT41 group used the open-source red teaming tool GC2 in an attack against a Taiwanese media organization. Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization.

Phishing

Phishing Cloud Government Education

Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline

Security Affairs

APRIL 26, 2023

Pro-Russia hacking group Zarya caused a cybersecurity incident at a Canadian gas pipeline, the critical infrastructure sector is on alert. A Canadian gas pipeline suffered a cyber security incident, Canada’s top cyber official and Pro-Russia hacking group Zarya claimed the attack could have caused an explosion. intelligence documents.

Cybersecurity

Cybersecurity Education Authentication Security

New PowerExchange Backdoor linked to an Iranian APT group

Security Affairs

MAY 26, 2023

An alleged Iran-linked APT group targeted an organization linked to the United Arab Emirates (U.A.E.) The experts speculate that the backdoor is likely linked to an Iran-linked APT group. The experts speculate that the backdoor is likely linked to an Iran-linked APT group. with the new PowerExchange backdoor.

Communications

Communications File names Archiving Phishing

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Security Affairs

NOVEMBER 19, 2022

The DEV-0569 group carries out malvertising campaigns to spread links to a signed malware downloader posing as software installers or fake updates embedded in spam messages, fake forum pages, and blog comments. The BATLOADER was hosted on domains created by the group to appear as legitimate software download sites (i.e.

Ransomware

Ransomware Phishing Encryption Access

Lacroix Group shut down three facilities after a ‘targeted cyberattack’

Security Affairs

MAY 16, 2023

French electronics manufacturer Lacroix Group shut down three plants after a cyber attack, experts believe it was the victim of a ransomware attack. The French electronics manufacturer Lacroix Group shut down three facilities in France, Germany, and Tunisia in response to a cyber attack.

Manufacturing

Manufacturing Ransomware Sales Encryption

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. The domain used by the DEX file belongs to the Lemon Group ( js [.]big

Libraries

Libraries Communications Big data Passwords

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Security Affairs

DECEMBER 19, 2023

The Federal Bureau of Investigation (FBI) announced the seizure of the Tor leak site of the AlphV/Blackcat ransomware group. The FBI seized the Tor leak site of the AlphV/Blackcat ransomware group and replaced the home page with the announcement of the seizure. the fashion giant Moncler , the Swissport , NCR , and Western Digital.

Ransomware

Ransomware IT Access Manufacturing

Experts linked multiple ransomware strains North Korea-backed APT38 group

Security Affairs

MAY 4, 2022

Researchers from Trellix linked multiple ransomware strains to the North Korea-backed APT38 group. APT38 appears to be a North Korea-linked group separate from the infamous Lazarus group, it has been active since at least 2014 and it has been observed targeting over 16 organizations across 11 countries. akkim@protonmail[.]com

Ransomware

Ransomware Encryption Cybersecurity Security

A cyber attack forced the wind turbine manufacturer Nordex Group to shut down some of IT systems

Security Affairs

APRIL 6, 2022

Nordex Group, one of the largest manufacturers of wind turbines, was hit by a cyberattack that forced the company to shut down part of its infrastructure. Nordex Group, one of the world’s largest manufacturers of wind turbines, was the victim of a cyberattack that forced the company to take down multiple systems. Pierluigi Paganini.

Manufacturing

Manufacturing IT Ransomware Cybersecurity

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Security Affairs

APRIL 24, 2023

Truebot has been active since 2017 and some researchers linked it to the Russian Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Corp). It is interesting to note that the domain was also hosting malware a variant of the TrueBot malware.

Cybersecurity

Cybersecurity Ransomware Education Authentication

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks

Security Affairs

APRIL 19, 2022

Researchers reported that threat actors leveraged a new zero-click iMessage exploit to install NSO Group Pegasus on iPhones belonging to Catalans. The experts at the Citizen Lab, in collaboration with Catalan civil society groups, have identified at least 65 individuals targeted or infected with spyware. and before iOS 13.5.1.”

Government

Government Cybersecurity Security Access

Ransomware Groups Look for Inside Help

eSecurity Planet

AUGUST 23, 2021

“Historically, ransomware has been delivered via email attachments or, more recently, using direct network access obtained through things like unsecure VPN accounts for software vulnerabilities,” Crane Hassold, director of threat intelligence at Abnormal Security, wrote in a blog post. Evolving Ransomware Scene. Filling the Void.

Ransomware

Ransomware Phishing Cybersecurity File names

Pro-Russia group NoName took down multiple France sites, including the French Senate one

Security Affairs

MAY 5, 2023

The French Senate’s website was taken offline by a DDoS attack launched by the pro-Russian hacker group NoName. The pro-Russia hacker group NoName is claiming responsibility for a DDoS attack that took the website of the French Senate offline. We are in the final!

Cybersecurity

Cybersecurity Government Security Access

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported. Google TAG researchers reported that the same group, tracked as Zinc ,” also targeted security researchers in past campaigns. eXplorer.

Security

Security Phishing Information Security Communications

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

Security Affairs

APRIL 20, 2023

North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job. North Korea-linked APT group Lazarus is behind a new campaign tracked as Operation DreamJob (aka DeathNote or NukeSped ) that employed Linux malware.

Archiving

Archiving Education Phishing Cybersecurity

Group-IB CEO remains in prison – the Russian-led company has been ‘blacklisted’ in Italy

Security Affairs

MAY 2, 2022

The latest executive order from the Italian ACN agency banned Group-IB, a Russian-led cybersecurity firm from working in the government sector. Kislitsin continues to work for Group-IB and is still currently listed on the Russian version of their official WEB-site. based corporations. Government.

Cybersecurity

Cybersecurity Government Paper Information Security

NB65 group targets Russia with a modified version of Conti’s ransomware

Security Affairs

APRIL 10, 2022

NB65 hacking group created its ransomware based on the leaked source code of the Conti ransomware and targets Russia. According to BleepingComputer , NB65 hacking group is targeting Russian organizations with ransomware that they have developed using the leaked source code of the Conti ransomware. Why CTI is fun? Pierluigi Paganini.

Ransomware

Ransomware Encryption Military Cybersecurity

China-linked TA413 group actively exploits Microsoft Follina zero-day flaw

Security Affairs

JUNE 1, 2022

A China-linked APT group is actively exploiting the recently disclosed Follina zero-day flaw in Microsoft Office in attacks in the wild. China-linked APT group TA413 has been observed exploiting the recently disclosed Follina zero-day flaw (tracked as CVE-2022-30190 and rated CVSS score 7.8) Pierluigi Paganini.

Archiving

Archiving Cybersecurity Phishing Security

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

eSecurity Planet

SEPTEMBER 16, 2021

During the two-month investigation, McAfee researchers were able to narrow down the list of suspects to two advanced persistent threat (APT) nation-state groups that have links to China. Chinese-Linked APT Groups Likely Suspects. PlugX, Winnti and some other custom tools all point to a group that had access to the same tools.

Military

Military Access Manufacturing Phishing

Ransomware Groups are Targeting VMs

eSecurity Planet

JUNE 30, 2021

More recently, Yelisey Boguslavskiy, a security researcher with cybersecurity firm Advanced Intel, earlier this month found that the high-profile ransomware group REvil is using a Linux encryptor that leverages VMware ESXi VMs and also can work on network-attached storage (NAS) systems. “The motivation behind the tactic is stealth. .

Ransomware

Ransomware Cybersecurity Digital transformation Cloud

Nation-State Attackers, Ransomware Groups Take Aim at Apache Log4j Flaw

eSecurity Planet

DECEMBER 15, 2021

Nation-state cyber threat groups and ransomware attackers are moving in to exploit a critical flaw found in the seemingly ubiquitous Apache Log4j open-source logging tool, as attacks spread just days after the vulnerability that could affect hundreds of millions of devices was made public late last week. Expanding Log4j Attacks.

Ransomware

Ransomware Cybersecurity Access Libraries

Pro-Russian group Killnet launched DDoS attacks on Romanian govt sites

Security Affairs

APRIL 30, 2022

The attacks were allegedly launched by Pro-Russian group Killnet, below is the list of targeted websites: gov.ro (Romania’s Government) mapn.ro (Ministry of Defense) politiadefrontiera.ro (Romanian Border Police) cfrcalatori.ro (Romania’s National Railway Transport Company) otpbank.ro (commercial bank operating in Romanian).

CMS

CMS Government Cybersecurity Security

Major Hotel Group Leaks 1TB of Customer Data

Adam Levin

NOVEMBER 26, 2019

A huge trove of customer data belonging to Gekko Group was found online in an unsecured format. Our team was able to access this server because it was completely unsecured and unencrypted,” announced VPN review website vpnMentor in a blog article describing their findings. .

B2B

B2B GDPR Phishing Ransomware

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

A search in Google for a string of text from that script turns up a December 2023 blog post from cryptocurrency security firm SlowMist about phishing attacks on Telegram from North Korean state-sponsored hackers. “When the project team clicks the link, they encounter a region access restriction,” SlowMist wrote.

Phishing

Phishing Blockchain Military Passwords

Ransomware Groups' Data Leak Blogs Lie: Stop Trusting Them

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Webinars

Trending Sources

A Closer Look at the Snatch Data Ransom Group

Webinars

Ransomware Group Turns to Facebook Ads

Ransomware Group Debuts Searchable Victim Data

Conti Ransomware Group Diaries, Part I: Evasion

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

New RA Group ransomware gang is the latest group using leaked Babuk source code

Unknown APT group is targeting Russian government entities

Cybercrime group exploits Windows zero-day in ransomware attacks

J. Renee Group Steps up seasonal sales

Manutan Group combines digital services with the human touch to delight customers

FIN8 Group spotted delivering the BlackCat Ransomware

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Google TAG warns of Russia-linked APT groups targeting Ukraine

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Money Message ransomware group claims to have hacked IT giant MSI

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Iran-linked APT groups started exploiting Papercut flaw

China-linked APT41 group spotted using open-source red teaming tool GC2

Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline

New PowerExchange Backdoor linked to an Iranian APT group

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Lacroix Group shut down three facilities after a ‘targeted cyberattack’

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Experts linked multiple ransomware strains North Korea-backed APT38 group

A cyber attack forced the wind turbine manufacturer Nordex Group to shut down some of IT systems

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks

Ransomware Groups Look for Inside Help

Pro-Russia group NoName took down multiple France sites, including the French Senate one

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

Group-IB CEO remains in prison – the Russian-led company has been ‘blacklisted’ in Italy

NB65 group targets Russia with a modified version of Conti’s ransomware

China-linked TA413 group actively exploits Microsoft Follina zero-day flaw

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

Ransomware Groups are Targeting VMs

Nation-State Attackers, Ransomware Groups Take Aim at Apache Log4j Flaw

Pro-Russian group Killnet launched DDoS attacks on Romanian govt sites

Major Hotel Group Leaks 1TB of Customer Data

Calendar Meeting Links Used to Spread Mac Malware

Stay Connected