Throughout August and into September 2020, a wave of extortion attacks has interrupted operations in the financial services and retail sectors with threats of distributed denial of service (DDoS) if ransom is not paid. The perpetrators claim to be part of known threat groups “APT28” and “Armada Collective” in their ransom letters, which demand Bitcoin payments to prevent DDoS attacks. However, DDoS has apparently occurred regardless of payment, with advanced methods that prolong the attacks’ effects. Victims include the New Zealand stock exchange (NZX), which has likely incurred significant financial losses over the past week as a result. DDoS extortion attacks are a credible threat, despite a greater focus given to ransomware-based extortion threats over the past year.
An operations security (OpSec) failure by the threat group “FIN7” led to an unintentional exposure of their...
Most Recent Flipbooks
The well-established “Mozi” peer-to-peer (P2P) botnet has developed new persistence capabilities.
A configurable, malicious Traffic Direction System (TDS) has been enabling widespread malware attacks.
A years-long reconnaissance campaign against an employee of a US aerospace defense company was discovered and attributed to “TA456”, an Iranian state-backed advanced persistent threat (APT) group.
The new “BlackMatter”, “Haron”, and “El_Cometa” ransomware groups, which surfaced in the past three weeks, bear significant similarities to ransomware groups that disappeared last month.
A vulnerability in Kaseya’s virtual system/server administrator (VSA) software has been exploited to deliver the “REvil” ransomware to multiple managed service providers.
The 14th Five Year Plan (FYP) adopted by the People’s Republic of China (PRC) in March 2021 has laid out key areas of focus for the country that are likely to prompt nation-state cyber espionage.
Several Clop members were arrested in association with money laundering, and officials seized infrastructure the group has used in ransomware attacks globally.
The notorious Russia-based ransomware group “REvil” (aka Sodinokibi) has been blamed for the latest high-profile ransomware attack, on the world’s largest meat supplier.
The latest work of the notorious Russian state-associated “NOBELIUM” threat group is an email phishing campaign against multiple countries and sectors.