Activity has clearly picked up again in February on the #ransomware front. #Alphv and #lockBit seem particularly active. #Hive? A mystery. Quite a few of the claimed victims were attacked in the autumn.
~2.2kk seized from REvil affiliate, Aleksandr Sikerin aka Alexander Sikerin aka Oleksandr Sikerin
https://documentcloud.org/documents/21120139-govuscourts22million-ransom-seizure…
Everyone, due to recent events and my tweets against Alex Sikerin, aka Lalartu of REvil, I have been threatened multiple times. Alex has messaged me today telling me to apologize. So, get ready for my dox on the Conti site in 6-7 hours :)
This is what DJI's Drone-ID packets look like. Every drone broadcasts this data all the time.
We managed to receive and decode the packets over the air. No encryption. (We saw some confusion around that before.)
France 🇫🇷: the Groupement hospitalier territorial (GHT) Cœur Grand Est is the victim of a #cyberattack discovered on 19 April.
The GHT brings together 8 public health establishments.
The Scribe software (Ministère de l'Intérieur) cost 11.7M€ in consulting alone from CapGemini. 4 years of development before being dropped unceremoniously. In the end, gendarme IT specialists built their own software in-house. (source: Senator Eliane Assassi)
#Conti continues their operations, despite chatlog leaks and extensive documentation of their tactics.
Our team analyzed the new Linux sample, which targets VMware ESXi servers 👇
Just when we thought we were out, they pulled us back in.
The Conti leaks saga continues, as we uncover a new #ransomware Linux variant in the aftermath of the “Panama Papers of Ransomware”: https://go.trellix.com/3OpUiF6
After successfully locking Oil India, the #ransomware group trying to impersonate REvil (or maybe REvil?!) added a new victim to their blog: Visotec Group.
I'll be calling them useransom.187201 until an "official" name is given to them.
found signs of a #Pegasus spyware infection at the 🇬🇧Prime Minister's office, 10 Downing St.
We notified 🇬🇧.
We'd found other infections within the Gov.. THREAD 1/
Must-read by
For today, Ivan pushed out some updates on E5 this time for #emotet and even a little spam to test on E4. These 64-bit versions of the emotet loader are very poorly detected at this time so be aware! 👇
#Emotet Update As of approximately 18:45UTC - Ivan laid another egg for us with the 64 bit upgrade of Epoch 5 now. Up until this time, E5 was not active and just sleeping. After this time all existing infections of E5 downloaded a loader update that was 64 bit. 1/x
🚨#Emotet Update🚨 - Looks like Ivan laid an egg for easter and has been busy. As of about 14:00UTC today 2022/04/18 - Emotet on Epoch 4 has switched over to using 64-bit loaders and stealer modules. Previously everything was 32-bit except for occasional loader shenanigans. 1/x
Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware recover their files.
A critical security vulnerability that allows a self-propagating worm to be created has been patched in a Windows remote access protocol (the RPC protocol).
▶️Update your equipment with Microsoft's security patches
▶️Read the alert
CERT-FR Alert
CERTFR-2022-ALE-003: Vulnerability in Microsoft's implementation of the RPC protocol (13 April 2022)
https://cert.ssi.gouv.fr/alerte/CERTFR-2022-ALE-003/…
GitHub has uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI. Read more about the impact to GitHub, npm, and our users.
🚨Exploit in the wild: CVE-2022-26809 impacts all exposed SMB ports; it is zero-click: the attack requires no authentication and can be exploited from outside as well as from inside the network #breakinghteshell #SMB #worm #stuxnet
📌Conti responded by promising to leak customer data from a published blog. Conti sub-group is linked to Karakurt, indeed
Evolution of Conti crime scheme monetization:
BazarLoader➡️Backdoor➡️Cobalt Strike➡️Exfiltration➡️No Locker (no Conti) Deployment➡️KaraKurt Leak Monetization