A ruthless, ever-evolving cyber-threat group, “FIN11”, has been discovered deploying “Clop”: ransomware that encrypts and exfiltrates data. The newly identified, financially motivated group has been active since at least 2016, tirelessly upgrading its tactics, techniques, and procedures (TTPs) to achieve infection and evade detection. FIN11 shows technical sophistication and persistence, often re-infecting organizations after losing initial access. Analysis revealed many substantial similarities between FIN11 and “TA505”, another financially motivated group known to deploy Clop, although a connection between the two cannot be confirmed. FIN11 should be considered to pose a serious threat that will remain active and prevalent in 2020 and 2021.
After a short hiatus, the “Ryuk” ransomware variant is back with upgrades, including the ability to fully e...
Most Recent Flipbooks
The well-established “Mozi” peer-to-peer (P2P) botnet has developed new persistence capabilities.
A configurable, malicious Traffic Direction System (TDS) has been enabling widespread malware attacks.
A years-long reconnaissance campaign against an employee of a US aerospace defense company was discovered and attributed to “TA456”, an Iranian state-backed advanced persistent threat (APT) group.
The new “BlackMatter”, “Haron”, and “El_Cometa” ransomware groups, which surfaced in the past three weeks, bear significant similarities to ransomware groups that disappeared last month
A vulnerability in Kaseya’s virtual system/server administrator (VSA) software has been exploited to deliver the “REvil” ransomware to multiple managed service providers.
The 14th Five Year Plan (FYP) adopted by the People’s Republic of China (PRC) in March 2021 has laid out key areas of focus for the country that are likely to prompt nation-state cyber espionage.
Several Clop members were arrested in association with money laundering, and the officials seized infrastructure the group has used in ransomware attacks globally.
The notorious Russia-based ransomware group “REvil” (aka Sodinokibi) has been blamed for the latest high-profile ransomware attack, on the world’s largest meat supplier.
The latest work of the notorious Russian state-associated “NOBELIUM” threat group is an email phishing campaign against multiple countries and sectors.