Two malware variants used in simultaneous cyber-threat campaigns against United States utility entities have been linked to a single threat group. New research into the “FlowCloud” and “LookBack” variants showed similarities that extend beyond targeting. Both are sophisticated remote-access trojans (RATs) that use sector-specific spearphishing emails and other overlapping tactics, techniques, and procedures (TTPs). Researchers have begun to track the operators of FlowCloud and LookBack as “TA410”, likely a capable and persistent group that poses a credible threat to utility entities; TA410’s ability to access services and processes, using LookBack and FlowCloud, would likely enable the group to control or manipulate compromised networks and halt critical functions, as well as steal sensitive business data.
Most Recent Flipbooks
Weekly Intelligence Summary 15 January
A cyber-security firm released a free decryptor for the popular and sophisticated “DarkSide” ransomware.
Weekly Intelligence Summary 08 January
The cyber-security industry learned some valuable lessons during the unique and unprecedented year of 2020.
Weekly Intelligence Summary 23 December
The notorious Automated Vending Cart (AVC) website Joker’s Stash allegedly displayed a notification that the site was seized by law-enforcement agencies.
Weekly Intelligence Summary 18 December
SolarWinds confirmed that its network management system, Orion Platform, was exploited to conduct a highly sophisticated, manual supply-chain attack.
Weekly Intelligence Summary 11 December
A global spearphishing campaign targeted organizations associated with a COVID-19 vaccine cold chain.
Weekly Intelligence Summary 4 December
A threat actor recently hijacked a vulnerable WordPress website set up by a security researcher.
Weekly Intelligence Summary 27 November
The operators of the “RagnarLocker” ransomware began an advertising campaign on Facebook to further extort the victim of one of their recent attacks.
Weekly Intelligence Summary 20 November
“CostaRicto” has become the fourth cyber-mercenary group to be discovered in 2020.
Weekly Intelligence Summary 13 November
The North Korean cyber-threat group “Kimsuky” has caught the attention of the US Cybersecurity and Infrastructure Security Agency (CISA), having proved itself a significant advanced persistent threat.
Weekly Intelligence Summary 06 November 2020
The developers of the infamous “Maze” ransomware claimed to have permanently ceased operations.
Weekly Intelligence Summary 30 October 2020
After a short hiatus, the “Ryuk” ransomware variant is back with upgrades, including the ability to fully encrypt data in just five hours.
Weekly Intelligence Summary 23 October 2020
A ruthless, ever-evolving cyber-threat group, “FIN11”, has been discovered deploying “Clop”: ransomware that encrypts and exfiltrates data.
Weekly Intelligence Summary 16 October 2020
Advanced persistent threat groups linked to China and Iran have conducted cyber espionage through front companies, under the guise of legitimate technology services.
Weekly Intelligence Summary 09 October 2020
The source code of several operating systems (OS) developed by Microsoft has been published online, sparking public concerns about security.
Weekly Intelligence Summary 02 October 2020
Ransomware encrypted and disabled the systems of Universal Health Services (UHS) hospitals in the US this week, in yet another example of threat actors targeting the healthcare sector.
Weekly Intelligence Summary 25 September 2020
Ransomware attacks are increasingly targeting UK educational establishments, according to the UK’s National Cyber Security Centre (NCSC).
Weekly Intelligence Summary 18 September 2020
Three state-linked threat groups have reportedly conducted cyber attacks aimed at the US Democratic and Republican presidential campaigns.
Weekly Intelligence Summary 11 September 2020
An operations security (OpSec) failure by the threat group “FIN7” led to an unintentional exposure of their new tools, campaigns, and underground affiliations.
Weekly Intelligence Summary 04 September 2020
A wave of extortion attacks has interrupted operations in the financial services and retail sectors with threats of distributed denial of service (DDoS) if ransom is not paid.
Weekly Intelligence Summary 28 August 2020
Remote workers have been falling victim to a voice-phishing (vishing) campaign that involves phone calls and custom phishing pages intended to solicit virtual private network (VPN) credentials.