After exposing more than 300 million user records in May 2020, the “ShinyHunters” threat group has allegedly returned with a second stage of data leaks. Unlike in the first stage, which saw the group advertising data for sale, this time ShinyHunters has flooded criminal forums with leaked databases for free―including many that were already sold. The recently exposed databases comprise more than 408 million records from 26 companies involved in technology, media, travel, e-commerce, finance, and education. A forum user suggested that ShinyHunters is linked to a “sawfish phishing” campaign, targeting GitHub developers’ credentials. This and other ShinyHunters techniques bear close resemblance to those of “GnosticPlayers”; it is realistically possible that the two threat groups are connected, or that the latter simply inspired the former.
Most Recent Flipbooks
Weekly Intelligence Summary 15 January
A cyber-security firm released a free decryptor for the popular and sophisticated “DarkSide” ransomware.
Weekly Intelligence Summary 08 January
The cyber-security industry learned some valuable lessons during the unique and unprecedented year of 2020.
Weekly Intelligence Summary 23 December
The notorious Automated Vending Cart (AVC) website Joker’s Stash allegedly displayed a notification that the site was seized by law-enforcement agencies.
Weekly Intelligence Summary 18 December
SolarWinds confirmed that its network management system, Orion Platform, was exploited to conduct a highly sophisticated, manual supply-chain attack.
Weekly Intelligence Summary 11 December
A global spearphishing campaign targeted organizations associated with a COVID-19 vaccine cold chain.
Weekly Intelligence Summary 4 December
A threat actor recently hijacked a vulnerable WordPress website set up by a security researcher.
Weekly Intelligence Summary 27 November
The operators of the “RagnarLocker” ransomware began an advertising campaign on Facebook to further extort the victim of one of their recent attacks.
Weekly Intelligence Summary 20 November
“CostaRicto” has become the fourth cyber-mercenary group to be discovered in 2020.
Weekly Intelligence Summary 13 November
The North Korean cyber-threat group “Kimsuky” has caught the attention of the US Cybersecurity and Infrastructure Security Agency (CISA), having proved itself a significant advanced persistent threat.
Weekly Intelligence Summary 06 November 2020
The developers of the infamous “Maze” ransomware claimed to have permanently ceased operations.
Weekly Intelligence Summary 30 October 2020
After a short hiatus, the “Ryuk” ransomware variant is back with upgrades, including the ability to fully encrypt data in just five hours.
Weekly Intelligence Summary 23 October 2020
A ruthless, ever-evolving cyber-threat group, “FIN11”, has been discovered deploying “Clop”: ransomware that encrypts and exfiltrates data.
Weekly Intelligence Summary 16 October 2020
Advanced persistent threat groups linked to China and Iran have conducted cyber espionage through front companies, under the guise of legitimate technology services.
Weekly Intelligence Summary 09 October 2020
The source code of several operating systems (OS) developed by Microsoft has been published online, sparking public concerns about security.
Weekly Intelligence Summary 02 October 2020
Ransomware encrypted and disabled the systems of Universal Health Services (UHS) hospitals in the US this week, in yet another example of threat actors targeting the healthcare sector.
Weekly Intelligence Summary 25 September 2020
Ransomware attacks are increasingly targeting UK educational establishments, according to the UK’s National Cyber Security Centre (NCSC).
Weekly Intelligence Summary 18 September 2020
Three state-linked threat groups have reportedly conducted cyber attacks aimed at the US Democratic and Republican presidential campaigns.
Weekly Intelligence Summary 11 September 2020
An operations security (OpSec) failure by the threat group “FIN7” led to an unintentional exposure of their new tools, campaigns, and underground affiliations.
Weekly Intelligence Summary 04 September 2020
A wave of extortion attacks has interrupted operations in the financial services and retail sectors with threats of distributed denial of service (DDoS) if ransom is not paid.
Weekly Intelligence Summary 28 August 2020
Remote workers have been falling victim to a voice-phishing (vishing) campaign that involves phone calls and custom phishing pages intended to solicit virtual private network (VPN) credentials.