In face of so many new ransomware brands, and still remaining RaaS operations such as Medusa, Qilin, and DragonForce, prioritizing is not an easy task to accomplish. However, despite the amount of groups conducting attacks for extortion, the TTPs do not change that much; unless we are talking about Cl0p, Akira and other groups that pose a high risk.
Therefore, to prevent your company from falling prey to opportunists looking for such low-hanging companies to attack, Group-IB’s Threat Intelligence Team decided to write a very straightforward report on TTPs of The Gentlemen; whose TTPs overlap with techniques of other financially motivated threat actors conducting intrusions for extortion. The information shared in this blog comes from intrusion analysis and underground private sources monitored by Group-IB’s Threat Intelligence Team. Thus, the information has a high confidence level.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Greek police data leak exposes details of elite crime-fighting unit members
October 18, 2024
A Greek police officers association says it is planning legal action after names and details of hundreds of officers from a new elite crime-fighting agency were published on the internet. The Directorate for Combating Organised Crime, DAOE, was launched Thursday to tackle organized crime activities including contract killings, fuel smuggling and money laundering. Police officials confirmed ...
- New macOS vulnerability, “HM Surf”, could lead to unauthorized data access
October 17, 2024
Microsoft Threat Intelligence uncovered a macOS vulnerability that could potentially allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user’s protected data. The vulnerability, which we refer to as “HM Surf”, involves removing the TCC protection for the Safari browser directory and modifying a configuration ...
- Europol: Charges unveiled in ongoing effort to de-anonymise DDoS group Anonymous Sudan
October 17, 2024
US authorities have unveiled this week charges against two Sudanese nationals involved in a significant Distributed-Denial-of-Service (DDoS) cybercrime network, following an international investigation that spanned multiple countries. The investigation exposed the activities of Anonymous Sudan, a prolific cybercrime group conducting destructive DDoS attacks to support their ideologically-motivated agenda. Europol coordinated the European dimension of the investigation, ...
- Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism
October 17, 2024
Unit 42 researchers have found that certain third-party utilities and applications pertaining to archiving, virtualization and Apple’s native command-line tools do not enforce the quarantine attribute. This can pose a threat to the integrity of a security feature on macOS known as Gatekeeper, which is responsible for ensuring that only trusted software runs on the system. ...
- Cyber Security Association of China calls for cybersecurity review of Intel products sold in China
October 16, 2024
The Cyber Security Association of China on Wednesday called for the launch of a systematic review of potential cybersecurity risks in Intel products due to frequent vulnerabilities and high failure rates, in order to effectively safeguard China’s national security and the legitimate rights and interests of Chinese consumers. The association cited four reasons for the review: ...
- Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data
October 16, 2024
From infostealer development to data exfiltration, cloud service providers are increasingly being abused by threat actors for malicious schemes. While in this case the ransomware samples we examined contained hard coded AWS credentials, this is specific to this single threat actor and in general, ransomware developers leverage other online services as part of their tactics. In ...