Colonial Pipeline Company fell victim to a cyber attack that resulted in 5,500 miles of its US fuel pipelines being shut down, causing public distress and fears of fuel shortages. The attack was attributed to the ransomware group “DarkSide”, but was likely conducted by one of its affiliates. The group responded quickly to the attack, claiming that DarkSide’s only motive is financial gain, and that they do not want to create problems for society. They also announced that the group will begin approving or denying encryption of any companies the group’s affiliates want to target, to avoid future social consequences. Regardless of such efforts to distance the group from the attack, the consequences could be significant for DarkSide; the involvement of US government agencies and law enforcement will likely add pressure to the group’s operations, and the arrest of DarkSide’s members and/or the responsible affiliate is a realistic possibility.
Other content in this Stream
Advanced persistent threat (APT) groups are often tricky to wrap your head around. By their nature, state-associated groups are well-resourced ...
It has been five years since the dumpster fire we all remember as WannaCry. WannaCry is self-propagating ransomware that held ...
ShadowTalk host Chris alongside Ivan and Nicole bring you the latest in threat intelligence. This week they cover: * REvil ransomware returns with new malware * Moshen Dragon targeting...
In late 2021, we observed a new ransomware operation named “ALPHV” (also known as BlackCat) emerge. The group operates as ...
For the first half of 2021, ransomware groups looked unstoppable. Ransomware gangs were adding victim after victim on their dark ...
The two-month mark of the Russia and Ukraine war has passed, with Russia almost certainly having failed to meet its ...
As a threat intelligence professional, it’s difficult to ignore how major developments in the real world affect the lives of ...
This blog is the second part of our Data Analysis in Threat Intelligence series, where we focus on the tools ...
As an intelligence analyst, it’s paramount to stay on top of what’s happening in the world around you. To inform ...
You’d have to have been living under a rock to have avoided the excitement surrounding Non-Fungible-Tokens (NFTs) in the last ...
ShadowTalk host Stefano alongside Rory bring you the latest in threat intelligence. This week they cover: * 'RaidForums' has been shut down and seized * SandWorm targets electrical substations in...
In the first quarter of 2022, several high-severity vulnerabilities were targeted by threat actors to facilitate malicious campaigns. The first ...
As the new year has reached the end of its first quarter, it’s time for us to go back and ...
It’s been a little over a month since I wrote about how intelligence requirements (IRs) can help plan a cyber ...
In the past few weeks, the Lapsus$ threat group captured the security community’s attention with a series of brazen and ...
At the end of February, the cybersecurity community was rocked by the appearance of alleged chat logs recording conversations between ...
ShadowTalk host Stefano alongside Chris and Rick bring you the latest on structured analytical techniques. This episode they cover: *Why they use SATs in their intel team *How they came up with...
ShadowTalk host Stefano alongside Kim, Xue, and Rick bring you the latest in threat intelligence. This week they cover: * A recap of a highly dynamic quarter including: * Log4j complex mitigation...
In 2020, there was an estimated 59 trillion gigabytes of data in the world. Most of which was created in ...
Since Russia’s invasion of Ukraine in February, the Digital Shadows Photon team has been following multiple aspects of the tragic ...