Based on the tsunami of information we received:
1. The Lockbit macOS ransomware is real. Lockbit has confirmed this.
2. People speculate it is incomplete. The macOS payload is riddled with bugs - including a good ol' buffer overflow.
3. It is Sunday. We'll see you nerds later
Today Microsoft announced they're changing the way they name and label threat groups. The new naming convention now aligns with "the theme of weather"
The new names are absolutely ridiculous and we are having a difficult time taking it seriously
See attached images for examples
We've updated the vx-underground malware collection.
- Virusshare.00466
- Updates to the Redline family
- Updates to the Magniber family
- Updates to the xLoader family
- New family added: Mmon
Check it out here: https://www.vx-underground.org/malware.html
The 3CX supply chain attack was the result of a previously undiscovered X-Trader supply chain attack.
The 3CX CEO wasn't lying about an upstream vendor being the result of the compromise.
tl;dr supply chain attack to supply chain attack
More information: https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise
On February 21st, 2023, the ALPHV ransomware group informed their affiliates of a new 'product' update.
Their new ransomware variant is named Sphynx.
We've updated the vx-underground malware sample collection. We have added new samples for the following families:
- Nanocore
- AsyncRAT
- NetwireRAT
- AgentTesla
- LokiBot
- Formbook
- CobaltStrike
- NjRat
- Chaos Ransomware
Check it out here: https://samples.vx-underground.org/samples/Families/
Today someone stole 3,600lbs (1632kg) of gold from the Toronto Pearson Airport. It is valued at roughly $100,000,000.
The police currently have no suspects. Unrelated to malware of course, but such a ballsy heist is impressive.
More information:
https://www.cbc.ca/news/canada/toronto/gold-heist-pearson-airport-toronto-1.6817345
An unknown Threat Actor has compromised the European Union's web domain and is using it to distribute Fortnite V-Bucks scams...
They've also compromised 15 other high-profile websites. See full list in attached image below.
Information via g0njxa and Gi7w0rm
Use Twitter's image description feature as a C2.
See example in attached link: https://twitter.com/vxunderground/status/1649251062820249600
The ALPHV ransomware group's modus operandi has changed. The tone of their recent victim postings has changed significantly. They do not come across as calm and professional as ALPHV traditionally has.
Someone is new to their group and much more vocal.
Image 1. New ALPHV
Image 2. Old ALPHV