Search cyberveille.decio.ch

Inside the Open Directory of the “You Dun” Threat Group

Analysis of an open directory found a Chinese speaking threat actor’s toolkit and history of activity. The threat actor displayed extensive scanning and exploitation using WebLogicScan, Vulmap, and Xray, targeting organizations in South Korea, China, Thailand, Taiwan, and Iran. The Viper C2 framework was present as well as a Cobalt Strike kit which included TaoWu and Ladon extensions. * The Leaked LockBit 3 builder was used to create a LockBit payload with a custom ransom note that included reference to a Telegram group which we investigated further in the report.

#thedfirreport #EN #2024 #Analysis #open-directory #LockBit #operational #You-Dun #group #China #tools #scan

·thedfirreport.com·Oct 28, 2024

Inside the Open Directory of the “You Dun” Threat Group

Negotiating with LockBit: Uncovering the Evolution of Operations and Newly Established Rules

What defines success for ransomware actors during an attack? Breaching a victim’s network, exfiltrating valuable data, and encrypting systems are crucial components. However, the ultimate measurement of success is the actor’s ability to extort a ransom payment, which determines if they achieve their financial goals. Navigating the ransom negotiation phase, whether conducted by the victims themselves or designated recovery firms, demands a high level of expertise and a deep understanding of the attackers involved. This includes studying of the threat actor’s profile, tactics, and evolving strategies. In this complex landscape, there is no one-size-fits-all playbook for successfully managing the negotiation phase, as each ransomware group exhibits distinct behaviors and adopts new tactics shaped by many factors.

#analyst1 #EN #2023 #LockBit #threat-actor #TTP #ransomware #group

·analyst1.com·Nov 17, 2023

Negotiating with LockBit: Uncovering the Evolution of Operations and Newly Established Rules