Law enforcement hammered cybercrime in 2024. Is it…
In 2024, authorities took aim at ransomware gangs, malware developers, cybercriminal infrastructure and cryptocurrency thieves. Here's a look at the…
Threat Hunting Case Study: Uncovering Turla | Intel 471
Russia has long been a military power, a nuclear power, a space power and in recent decades, a cyber power. It has been one of the most capable cyber actors, going back to the late 1990s when Russian state hackers stole classified documents and military research from U.S. universities and government agencies. The stolen documents, if stacked on top of one another, would have been taller than the Washington Monument (555 feet or 169 meters). These incidents, dubbed “Moonlight Maze” as described in Thomas Rid’s book “Rise of the Machines,” marked one of the world’s first advanced persistent threat (APT) attacks. Russia’s intelligence and security agencies continue to operate highly skilled groups of offensive attackers. Those APT groups are spread across its intelligence and security agencies and the Ministry of Defense. They engage in a broad range of cyber and influence operations tied to Russia’s strategic objectives. These include exploiting adversary systems, establishing footholds, conducting cyber espionage operations and running disinformation and misinformation campaigns designed to undermine Western narratives. One of the most effective and long-running Russian groups is Turla, a unit known as Center 16 housed within Russia’s Federal Security Service, or FSB. Researchers found that this group, which is active today, may have been connected with Moonlight Maze.
Vulnerabilities Year-in-Review: 2023
In 2023, threat actors continued to exploit a variety of vulnerabilities — both newly discovered weaknesses and unresolved issues — to carry out sophisticated attacks on global organizations. The number of documented software vulnerabilities continued to rise, and threat actors were quick to capitalize on new vulnerabilities and leverage recent releases of publicly available vulnerability research and exploit code to target entities. However, while there was a high number of vulnerabilities released in the reporting period, only a handful actually were weaponized in attacks. The ones of most interest are those that threat actors use for exploitation. In this report, we’ll analyze the numbers and types of vulnerabilities in 2023 with a view to understanding attack trends and how organizations can better defend themselves.
Conti vs. Monti: A Reinvention or Just a Simple Rebranding?
Whether Conti has rebranded as Monti in a bid to mock the former strain or it is just another new ransomware variant on the block.
Why organizations should (and should not) worry about…
KillNet will continue to grow as the war in Ukraine continues, but the group is limited in its capabilities.
PrivateLoader: The first step in many malware schemes
A full technical breakdown of a prolific pay-per-install service.
Conti vs. Monti: A Reinvention or Just a Simple Rebranding?
Whether Conti has rebranded as Monti in a bid to mock the former strain or it is just another new ransomware variant on the block.
Why organizations should (and should not) worry about…
KillNet will continue to grow as the war in Ukraine continues, but the group is limited in its capabilities.
PrivateLoader: The first step in many malware schemes
A full technical breakdown of a prolific pay-per-install service.
Why organizations should (and should not) worry about…
KillNet will continue to grow as the war in Ukraine continues, but the group is limited in its capabilities.
PrivateLoader: The first step in many malware schemes
A full technical breakdown of a prolific pay-per-install service.