Group-IB
Your daily source of cybersecurity news brought to you by Group-IB, one of the global industry leaders.
Group-IB has analyzed an ongoing advanced persistent threat campaign that we believe, with moderate confidence, was launched by a new threat actor. This new APT group, codenamed Dark Pink by Group-IB researchers, is notable for its specific focus on attacking military branches and government ministries and agencies.

Group-IB discovered that, as of December 2022, Dark Pink APT breached the security defenses of six organizations in five APAC countries (Cambodia, Indonesia, Malaysia, Philippines, and Vietnam), and one organization in Europe (Bosnia and Herzegovina).

Group-IB, in line with its zero-tolerance policy toward cybercrime, has issued proactive notifications to all potential and confirmed targets of Dark Pink. Read our fresh blog post to get the details about the new threat actor 👈

#APT #DarkPink
โšก๏ธGroup-IB Hi-Tech Crime Trends 2022/2023 report is out!

Group-IB presents the 11th edition of its annual report Hi-Tech Crime Trends 2022/2023 โ€” a comprehensive threat report, that analyzes various aspects of the cybercriminal world, examines attacks, and shares predictions for what lies ahead๐Ÿ”ฎ

What will you find in the report?

• Analysis of current trends in cyberspace
• Forecasts for 2023
• Detailed analysis of the global threat landscape
• Security recommendations

Who is this report intended for?

The Hi-Tech Crime Trends 2022/2023 report is a practical guide for building effective cybersecurity strategies. It is intended for IT directors, heads of cybersecurity teams, and technical specialists, including CISOs, SOC and DFIR teams, researchers and malware analysts, as well as threat hunting experts.

Want some spoilers?

• Ransomware is the number one threat across all industries. Surprised? It’s unlikely to change soon.
• Initial Access Brokers (IABs) make the attacks of ransomware gangs and other threat actors more affordable.
• The number of databases leaked worldwide has doubled and continues to grow.
• Information stealers and clouds of logs: a simple but serious threat.

Where can you get the full report?

The Hi-Tech Crime Trends 2022/2023 report is now available for download. Click here 👈

#HiTechCrimeTrends #report
Let's dive a little bit deeper into the ransomware threat. According to the latest edition of Group-IB’s annual Hi-Tech Crime Trends report, ransomware will remain the top threat for organizations and businesses in 2023.

Here are some highlights:

๐Ÿ“Across the globe, 2,886 companies had their information, files, and data published on ransomware DLS between H2 2021 โ€“ H1 2022.

๐Ÿ“The top five most affected countries were the United States, Germany, United Kingdom, Canada, and Italy.

๐Ÿ“The largest number of ransomware-related data leak victims were found in the following sectors: manufacturing, real estate, professional services, and transportation industries.

๐Ÿ“The most active ransomware groups in H2 2021 โ€“ H1 2022 were Lockbit, Conti, and Hive.

Want to learn more about Group-IB's findings on ransomware and other cyberthreats? Download our newest report, Hi-Tech Crime Trends 2022/2023 👈

#HiTechCrimeTrends #report #ransomware
🔮 A little cybersecurity forecast never hurt nobody. We have put together the top cyber threats that you need to be aware of in 2023, according to Group-IB's annual Hi-Tech Crime Trends report.

Make sure to download the full report 👈

#HiTechCrimeTrends #report
Sharing is caring, and sharing data with the cybersec community is one of our contributions to the global fight against cybercrime. The Group-IB Threat Intelligence team now has its own Twitter account: make sure to follow it for the latest research, analytics, IOCs and threat alerts 👉 https://twitter.com/GroupIB_TI

#ThreatIntelligence
📨 It all started with an email...

In the summer of 2022, the Group-IB Managed Extended Detection and Response (MXDR) solution successfully detected and blocked an email carrying a malicious attachment. This email was intended for Group-IB’s employees.

While analyzing this attack, the Group-IB Threat Intelligence team found patterns in the actions of the attackers and attributed the observed TTPs to the Tonto Team (aka HeartBeat, Karma Panda, CactusPete, Bronze Huntley, Earth Akhlut). What else did we find out about the threat actor?

โ–ช๏ธThe attackers used phishing emails to deliver malicious Microsoft Office documents created with the Royal Road Weaponizer, a tool widely used by Chinese nation-state threat actors.

โ–ช๏ธDuring the attack, Group-IB researchers noticed the use of the Bisonal.DoubleT backdoor. Bisonal.DoubleT is a unique tool developed by the Tonto Team APT.

โ–ช๏ธThe attackers used a new downloader that Group-IB analysts named TontoTeam.Downloader (aka QuickMute).

Check out our fresh blog where we provide indicators of compromise associated with the Tonto Team campaign and detailed analysis of the tools, techniques, and procedures (TTPs) of the threat actor. This information is useful for organizations fighting cybercrime and information security professionals โ€” chief information officers, SOC analysts, and incident responders โ€” in other sectors targeted by the Tonto Team. Read๐Ÿ‘ˆ

#APT #TontoTeam
โœ‰๏ธ The Group-IB Computer Emergency Response Team has analyzed malicious email campaigns detected by Group-IB Managed XDR in Q4 2022. Here are the highlights:

โ–ช๏ธArchives remained the primary pathway for malware delivery, although the proportion of campaigns that used this vector fell compared to Q3.

โ–ช๏ธIn Q4 2022, the top 3 widely used malware in phishing emails were SnakeKeylogger, AgentTesla, and FormBookFormgrabber. They accounted for 67% of all malicious email campaigns in Q3 2022. In 2023, stealers will remain one of the top cyber threats.

โ–ช๏ธThreat actors most often used hosting providers located in the United States, Netherlands, and Germany to host their C2 servers. 45% of phishing websites were hosted on .com domains.

#CERT #MXDR