Valéry Rieß-Marchive’s Tweets

16h

Previous GandCrab and REvil affiliate & current Conti employee, Alex Sikerin aka Sheriff aka Eng Fog aka Lalartu has claimed responsibility for killing a child. Refs: -bleepingcomputer.com/news/security/ -

Quote Tweet

· Nov 30, 2021

~2.2kk seized from REvil affiliate, Aleksandr Sikerin aka Alexander Sikerin aka Oleksandr Sikerin documentcloud.org/documents/2112

2

14

24

ONYPHE

@onyphe

Apr 23

The new platform will be out soon. Main improvement: 10x faster. See screenshots for querying 7-month of data in one request: 2.281s vs 0.225s.

5

6

17h

Update - guess I called his bluff?

Quote Tweet

· 20h

Everyone, due to recent events and my tweets against Alex Sikerin, aka Lalartu of REvil, I have been threatened multiple times. Alex has messaged me today telling me to apologize. So, get ready for my dox on the Conti site in 6-7 hours :)

5

58

20h

Everyone, due to recent events and my tweets against Alex Sikerin, aka Lalartu of REvil, I have been threatened multiple times. Alex has messaged me today telling me to apologize. So, get ready for my dox on the Conti site in 6-7 hours :)

16

46

349

vx-underground

@vxunderground

Apr 23

Threat Intelligence Twitter account "Ido_cohen2" was doxed and has left Twitter. The unknown Threat Actor sent an Emergency Data Request to

@Twitter

, pretending to be law enforcement, to obtain his account information. Intel via

@PogoWasRight

7

86

295

Topics to follow

Sign up to get Tweets about the Topics you follow in your Home timeline.

Carousel

Nico Schiller

@74ck_0

Apr 22

This is what DJI’s Drone-ID packets look like. every drone broadcasts this data all the time. we managed to receive + decode the packets over the air. no encryption. (we saw some confusion around that before)

@merlinchlosta

1/n

28

429

1,108

Ukraine's postal service hit by cyberattack after sales of warship stamp go online

Bob Carver ✭

@cybersecboardrm

Apr 22

Ukraine's postal service hit by cyberattack after sales of warship stamp go online #CyberAttack

reuters.com

Ukraine's national postal service Ukrposhta said it had been hit by a cyberattack on Friday after sales of a postage stamp depicting a Ukrainian soldier making a crude gesture to a Russian warship...

3

Apr 22

🔥 Let's call it a... heated conversation... 🧐 twitter.com/pancak3lullz/s

This Tweet is unavailable.

1

rivitna

@rivitna2

Apr 21

We didn't have to wait long... :-) windows_x64_encrypt virustotal.com/gui/file/c72c3 windows_x32_encrypt virustotal.com/gui/file/272f1

1

4

5

Le Groupement hospitalier victime d’une cyberattaque

Cyber, etc...

@cyber_etc

Apr 21

France 🇫🇷 : le Groupement hospitalier territorial (GHT) Cœur Grand Est est victime d’une #cyberattaque découverte le 19 avril. Le GHT regroupe 8 établissements publics de santé.

Via

Le Groupement hospitalier territorial (GHT) Cœur Grand Est l’a dévoilé par un communiqué: il a été victime d’un acte de...

1

4

7

Léαlinux

@lea_linux

Apr 21

Le logiciel Scribe (Ministère de l'Intérieur) a coûté 11.7M€ seulement en conseil venant de CapGemini. 4 ans de développement pour un abandon en rase-campagne. Au final, des gendarmes-informaticiens ont fait leur propre soft en interne. (source Sénatrice Eliane Assassi)

49

905

2,331

Christiaan Beek

@ChristiaanBeek

Apr 20

#Conti continues their operations, despite chatlog leaks and extensive documentation of their tactics. Our team analyzed the new Linux sample, which targets VMware ESXi servers 👇

Quote Tweet

Trellix

@Trellix

· Apr 20

Just when we thought we were out, they pulled us back in. The Conti leaks saga continues, as we uncover a new #ransomware Linux variant in the aftermath of the “Panama Papers of Ransomware”: go.trellix.com/3OpUiF6

1

9

17

Sophos France

@SophosFrance

Apr 20

Après une légère accalmie en janvier et février 2022,

Ransomware : la menace retrouve des niveaux record

a recensé plus de 320 attaques par #ransomware au mois de mars. Son analyse est à lire sur

@LeMagIt

:

lemagit.fr

En mars, le nombre de cyberattaques avec ransomware observées à travers le monde a fortement progressé par rapport aux deux premiers mois de l’année. Et rien ne semble annoncer une éventuelle accal...

11

13

Soufiane Tahiri

@S0ufi4n3

Apr 20

After successfully locking Oil India, the #ransomware group trying to impersonate REvil (or maybe REvil ?!) added a new victim to their blog:Visotec Group. I'll be calling them useransom.187201 until an "official" name is given to them.

@SOSIntel

@ransomwaremap

5

29

70

: newyorker.com/magazine/2022/

BREAKING: we

found signs of a #Pegasus spyware infection at the 🇬🇧Prime Minister's office, 10 Downing St. We notified 🇬🇧. We'd found other infections within the Gov.. THREAD 1/ Must-read by

@RonanFarrow

83

3,036

4,425

Joseph Roosen

@JRoosen

For today, Ivan pushed out some updates on E5 this time for #emotet and even a little spam to test on E4. These 64-bit versions of the emotet loader are very poorly detected at this time so be aware! 👇

Quote Tweet

Cryptolaemus

@Cryptolaemus1

· Apr 19

#Emotet Update

As of approximately 18:45UTC - Ivan laid another egg for us with the 64 bit upgrade of Epoch 5 now. Up until this time, E5 was not active and just sleeping. After this time all existing infections of E5 downloaded a loader update that was 64 bit. 1/x

Show this thread

11

22

Cryptolaemus

@Cryptolaemus1

Karakurt : la filiale de Conti qui extorque sans ransomware

🚨#Emotet Update🚨 As of approximately 18:45UTC - Ivan laid another egg for us with the 64 bit upgrade of Epoch 5 now. Up until this time, E5 was not active and just sleeping. After this time all existing infections of E5 downloaded a loader update that was 64 bit. 1/x

1

42

86

Mener des #cyberattaques à des fins d'extorsion, mais sans #ransomware ? #Karakurt le fait... dans le giron de #Conti !

@TetraDef

,

@AdvIntel

et

@infinitumITlabs

ont établi le lien entre les deux groupes.

lemagit.fr

4

6

AQUITEC and Matmut ATLANTIQUE

organise un nouvel #évènement une journée entièrement dédiée #cybersecurite #innovation #robotique le 15 juin 2022

@MatmutAtl

2

Seems like #ransomware affiliates have had a few busy days. Already 11 victims claims coming from the #Lockbit franchise today... 😰

1

5

9

LeMagIT

@LeMagIT

Les #dessinLeMagIT de la semaine

@FrancoisCointe

2

Brad

@malware_traffic

2022-04-18 (Monday) - #Qakbot (#Qbot) infection led to #DarkVNC on 45.153.241[.]142 and #CobaltStrike on 193.29.13[.]159. 193.29.13[.]159 reported as #CobaltStrike server by

@drb_ra

and

@RedPacketSec

earlier this month - Zip: bazaar.abuse.ch/sample/936762a - DLL: bazaar.abuse.ch/sample/f0fc0e1

34

83

Cryptolaemus

@Cryptolaemus1

🚨#Emotet Update🚨 - Looks like Ivan laid an egg for easter and has been busy. As of about 14:00UTC today 2022/04/18 - Emotet on Epoch 4 has switched over to using 64-bit loaders and stealer modules. Previously everything was 32-bit except for occasional loader shenanigans. 1/x

1

82

149

How to recover files encrypted by Yanlouwang

Fabio Assolini

@assolini

Apr 18

Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files

securelist.com

Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files.

83

191

ANSSI

@ANSSI_FR

Une faille de sécurité critique permettant de créer un ver à propagation automatique a été corrigée dans un protocole d'accès à distance Windows (protocole RPC) ▶️Mettez à jour vos équipements avec les correctifs de sécurité de Microsoft ▶️Consultez l’alerte

@CERT_FR

👇

Quote Tweet

CERT-FR

@CERT_FR

· Apr 13

Alerte CERT-FR

CERTFR-2022-ALE-003 : Vulnérabilité dans l’implémentation du protocole RPC par Microsoft (13 avril 2022) cert.ssi.gouv.fr/alerte/CERTFR-

1

102

108

GitHub Security

@GitHubSecurity

Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party...

GitHub has uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI. Read more about the impact to GitHub, npm, and our users.

github.blog

On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to...

23

950

1,116

Anis Haboubi |₿|

@HaboubiAnis

🚨Exploit dans la nature CVE-2022-26809 impacte tous les ports SMB exposés ; c'est un zéro-clic : l'attaque ne nécessite aucune authentification et peut être exploitée aussi bien depuis l'extérieur que l'intérieur du réseau #breakinghteshell #SMB #worm #stuxnet

GIF

1

23

40

Éric Freyssinet

@ericfreyss

CoRIIN 2022 - Conférence sur la réponse aux incidents et l'investigation numérique 2022

N'oubliez pas de proposer vos talks pour #CoRIIN2022 conf.cecyf.fr/event/1/

@cecyf_coriin

le 07 juin 2022, premier jour du

@FIC_eu

conf.cecyf.fr

Dans le cadre du FIC 2022, nous vous proposons de nous retrouver le premier jour de cet événement de référence (mardi 07 juin 2022), pour la huitième conférence de ce genre en France, dédiée aux...

3

5

Vitali Kremez

@VK_Intel

📌Conti responded by promising to leak customer data from a published blog. Conti sub-group is linked to Karakurt, indeed Evolution of Conti crime scheme monetization: BazarLoader➡️Backdoor➡️Cobalt Strike➡️Exiltration ➡️No Locker (no Conti) Deployment➡️KaraKurt Leak Monetization

2

24

85

Zloader 2: The Silent Night - Avast Threat Labs

Vladimir Martyanov

@ffb7d579

Apr 14

My research about #Zloader and his connection to other families. Very strong connection to #Ursnif aka #Gozi shown!

decoded.avast.io

Technical analysis of the Zloader botnet which was recently brough to court for a takedown operation and prosecution of its authors.

3

50

143

CERT-FR

@CERT_FR

⚠️ Mise à jour de l'alerte CERTFR-2022-ALE-003 : [MàJ] Vulnérabilité dans l’implémentation du protocole RPC par Microsoft (15 avril 2022) cert.ssi.gouv.fr/alerte/CERTFR-

45

44

Brett Callow

@BrettCallow

Seems somebody has caused Conti to have a little tantrum (another one.)

1

5

18

Citalid - Next Generation Cyber Risk Management

@Citalid

Suite au succès de la 1ère édition 🙏 et alors que la conflictualité cyber s’internationalise, l’équipe #CTI

@Citalid

vous propose la 2nde édition de sa chronologie comparée des évènements #cyber et #géopolitiques de la #guerre #Russie #Ukraine️️ 👉bit.ly/3jHyxCy

11

15

🧐 twitter.com/radvadva/statu

This Tweet is unavailable.

1

According to data from

@onyphe

, #Tavistock Group had an #Exchange server still affected by #ProxyShell... a week ago. Not so surprisingly, it appears offline today.

GIF

read image description

ALT

1

3

And yet another victim that miraculously vanishes. Removed from #Cuba website a few hours ago. Still no public statement from #Tavistock Group. twitter.com/_bettercyber_/

This Tweet is unavailable.

1

2

6