Make sure to download the full report
#HiTechCrimeTrends #report
Sharing is caring, and sharing data with the cybersec community is one of our contributions to the global fight against cybercrime. The Group-IB Threat Intelligence team now has its own Twitter account: make sure to follow for the latest research, analytics, IOCs and threat alerts 👉 https://twitter.com/GroupIB_TI
#ThreatIntelligence
In the summer of 2022, Group-IB's Managed Extended Detection and Response (MXDR) solution detected and blocked an email carrying a malicious attachment that was addressed to Group-IB employees.
While analyzing this attack, the Group-IB Threat Intelligence team found patterns in the actions of the attackers and attributed the observed TTPs to the Tonto Team (aka HeartBeat, Karma Panda, CactusPete, Bronze Huntley, Earth Akhlut). What else did we find out about the threat actor?
▪️The attackers used phishing emails to deliver malicious Microsoft Office documents created with the Royal Road Weaponizer, a tool widely used by Chinese nation-state threat actors.
▪️During the attack, Group-IB researchers observed the Bisonal.DoubleT backdoor, a tool unique to the Tonto Team APT.
▪️The attackers used a new downloader that Group-IB analysts named TontoTeam.Downloader (aka QuickMute).
Check out our new blog post, which provides indicators of compromise associated with the Tonto Team campaign and a detailed analysis of the threat actor's tools, techniques, and procedures (TTPs). This information is useful for organizations fighting cybercrime and for information security professionals (chief information officers, SOC analysts, and incident responders) in other sectors targeted by the Tonto Team.
#APT #TontoTeam
✉️ The Group-IB Computer Emergency Response Team has analyzed malicious email campaigns detected by Group-IB Managed XDR in Q4 2022. Here are the highlights:
▪️Archives remained the primary pathway for malware delivery, although the proportion of campaigns that used this vector fell compared to Q3.
▪️In Q4 2022, the three malware families most widely used in phishing emails were SnakeKeylogger, AgentTesla, and FormBookFormgrabber. They accounted for 67% of all malicious email campaigns in Q3 2022. Group-IB expects stealers to remain one of the top cyber threats in 2023.
▪️Threat actors most often used hosting providers located in the United States, Netherlands, and Germany to host their C2 servers. 45% of phishing websites were hosted on .com domains.
#CERT #MXDR
🐍 Old snake, new skin.
The Group-IB Threat Intelligence team uncovered a previously undocumented spear-phishing campaign carried out by the nation-state threat actor SideWinder between June and November 2021. For the first time, Group-IB researchers confirmed the links between the SideWinder, Baby Elephant, and Donot APT groups and described the cyberespionage group's entire arsenal, including newly discovered tools. What else?
▪️SideWinder has been systematically attacking government organizations in South and East Asia for espionage purposes for about 10 years.
▪️The attackers attempted to target 61 government, military, law enforcement, and other organizations in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka.
▪️Group-IB specialists analyzed SideWinder’s network infrastructure and found numerous phishing resources, including a spear-phishing project targeting the crypto industry.
▪️Among the newly discovered tools were SideWinder.RAT.b (a remote access Trojan) and SideWinder.StealerPy, which is a custom information stealer written in Python designed to exfiltrate information collected from the victim’s computer.
Curious to know more? Download Group-IB's new report "Old snake, new skin: Analysis of SideWinder APT activity between June and November 2021". The report contains YARA rules for hunting the group and a table of the group's TTPs (Tactics, Techniques, and Procedures) mapped to the MITRE ATT&CK® matrix, giving companies and organizations the information they need to update their security controls to detect SideWinder. Download
#APT #SideWinder
📦 What happens when you combine ransomware with information stealers, remote access Trojans, and other malware in one easy-to-download package?
Dubai-based researchers from Group-IB’s Digital Forensics and Incident Response (DFIR) team found that malicious actors, instead of simply infecting a computer with ransomware, have taken to packaging a whole host of malicious files into what we call malware bundles.
Malware bundles have been around for a while, but their recent use by cybercriminals reveals some interesting trends. First, it shows how threat actors, with their ever-growing appetite for cash, devise new approaches to monetization. Second, their use offers insight into the interactions between low-skilled threat actors and their more sophisticated counterparts: an entry-level cybercriminal can use a malware bundle to gain access to a single computer and then sell that access to a more skilled threat actor, who is able to move laterally from a single device to an entire corporate network.
Check out our latest blog post for insights from our investigations into affected companies in Egypt, South Africa, Saudi Arabia, Turkey, Morocco, UAE, Kenya, Israel, Pakistan, India, and Germany. We discuss delivery channels, malware attribution, tactics, techniques and procedures (TTPs), and the bundled components and their roles, all mapped to the MITRE ATT&CK® (Adversarial Tactics, Techniques & Common Knowledge) framework, to detail how the cybercriminals gained initial access and established persistence. Read now
#ransomware
🤝 Group-IB is pleased to announce that it has signed a partnership agreement with Pacific Tech, a value-added distributor of cybersecurity solutions. This marks the first distributorship for Group-IB in Singapore, with Pacific Tech to be responsible for providing Group-IB's entire suite of products and services for preventing and investigating cybercrime within the Southeast Asian region, specifically in Singapore, Malaysia, Indonesia, Brunei, Cambodia, Thailand, and Myanmar.
To help local companies manage the growing risk of cyberattacks more efficiently, Group-IB is partnering with Pacific Tech, which brings an experienced and proven product management and distribution team. Pacific Tech will distribute Group-IB's Unified Risk Platform, an ecosystem of solutions that understands each organization's threat profile and tailors defenses against it in real time from a single interface.
More details
#partnership
Want to learn how to monitor for information security (IS) incidents, detect threats, eliminate false positives, and perform initial incident response? Register for the "Blue Team Analyst" training course by Group-IB!
In three days, you’ll know how to:
▪️Monitor security solutions to ensure that the organization is protected;
▪️Quickly triage security incidents and identify the key features of a cyberattack;
▪️Support threat intelligence and threat hunting processes.
It's time to enhance your skills! Register now
#education
Today we have big news! Group-IB has announced its plans to open a Digital Crime Resistance Center in Thailand. Moreover, at a press conference held in Bangkok, the company signed a strategic partnership agreement with nForce (SECURE), Thailand's top cybersecurity-focused value-added distributor🤝
“We are excited to partner with nForce, which has a great reputation in the Thai market and will help us expand our footprint in the region. Group-IB’s Digital Crime Resistance Center and this partnership are significant steps forward in extending our global mission of fighting cybercrime to Thai shores. We believe that together with nForce we will build an incident response team of passionate professionals committed to creating safer cyberspace,” said Dmitry Volkov, CEO of Group-IB.
Check out our website for more details
#partnership