Weekly: Ransomware Resurgence - The Return of FIN8, DarkSide, and More!

Digital Shadows

ShadowTalk hosts Stefano, Adam, Kim, and first-timer Chris bring you the latest in threat intelligence. This week they cover:

  • Kim takes us through the return of FIN8 - what are the updates to the “BadHatch” backdoor?
  • Chris discusses DarkSide’s recent resurgence after a quiet period - what’s the latest?
  • Microsoft Exchange exploit update - the team discuss
  • How are threat actors and cybercriminals using ProxyLogon vulnerabilities?

Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-19-march

***Resources from this week’s podcast***

FIN8: https://labs.bitdefender.com/2021/03/fin8-group-is-back-in-business-with-improved-badhatch-kit/

DarkSide: https://www.infosecurity-magazine.com/news/darkside-20-ransomware-fastest/

ProxyLogon: https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/

https://www.vice.com/en/article/n7vpaz/researcher-publishes-code-to-exploit-microsoft-exchange-vulnerabilities-on-github

Features: https://www.vice.com/en/article/pkdnkz/escape-zoom-meetings-by-faking-technical-issues-and-crying-with-this-app

https://attack.mitre.org/techniques/T1090/003/

https://attack.mitre.org/software/S0398/

Mapping MITRE to Microsoft Blog: https://www.digitalshadows.com/blog-and-research/mapping-mitre-attack-to-microsoft-exchange-zero-day-exploits/

Revisiting Spectre Blog: https://www.digitalshadows.com/blog-and-research/revisiting-the-spectre-and-meltdown-vulnerabilities/

Monitoring for Supplier Risks Blog: https://www.digitalshadows.com/blog-and-research/monitoring-for-risks-coming-from-suppliers/

FBI IC3 Blog: https://www.digitalshadows.com/blog-and-research/fbi-ic3-2020/

Also, don’t forget to reach out to us at shadowtalk@digitalshadows.com
