In face of so many new ransomware brands, and still remaining RaaS operations such as Medusa, Qilin, and DragonForce, prioritizing is not an easy task to accomplish. However, despite the amount of groups conducting attacks for extortion, the TTPs do not change that much; unless we are talking about Cl0p, Akira and other groups that pose a high risk.
Therefore, to prevent your company from falling prey to opportunists looking for such low-hanging companies to attack, Group-IB’s Threat Intelligence Team decided to write a very straightforward report on TTPs of The Gentlemen; whose TTPs overlap with techniques of other financially motivated threat actors conducting intrusions for extortion. The information shared in this blog comes from intrusion analysis and underground private sources monitored by Group-IB’s Threat Intelligence Team. Thus, the information has a high confidence level.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CoreWarrior Spreader Malware Surge
October 11, 2024
This week, the SonicWall Capture Labs threat research team investigated a sample of CoreWarrior malware. This is a persistent trojan that attempts to spread rapidly by creating dozens of copies of itself and reaching out to multiple IP addresses, opening multiple sockets for backdoor access, and hooking Windows UI elements for monitoring. Infection Cycle The malware ...
- Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
October 11, 2024
Today FortiGuard Labs is releasing this blog post about a case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). At the time of the investigation, two out of the three identified vulnerabilities were not publicly known. This incident is a prime example of how threat actors chain zero-day ...
- UNODC report exposes escalating threat of organized crime in the Pacific
October 11, 2024
The Pacific is increasingly becoming an important transshipment hub and an operational and destination point for organized crime syndicates, according to a new report launched today by the UN Office on Drugs and Crime (UNODC). Titled Transnational Organized Crime in the Pacific: Expansion, Challenges, and Impact, the report provides a detailed analysis of the rapidly evolving ...
- Internet Archive data breach exposes more than 31 million user accounts
October 11, 2024
The Internet Archive, a popular digital library known for its Wayback Machine, was hacked and suffered a data breach that reportedly exposed 31 million user accounts. Founder Brewster Kahle confirmed in a post on the social media platform X that a cyberattack on Tuesday knocked the website offline. He also said that usernames, emails, and encrypted ...
- Nokia Report Highlights Surge in Cyber Attacks on Telecom Infrastructure
October 11, 2024
The latest findings from Nokia’s Threat Intelligence Report reveal an alarming increase in cybercriminal activity targeting telecom infrastructure, largely fueled by advances in Generative AI and automation. This escalation has significant implications for network security and operational reliability within the telecommunications sector. The report indicates that the frequency of distributed denial of service (DDoS) attacks has ...
- Digital arrests – the newest deepfake tool used by cybercriminals
October 11, 2024
An Indian textile baron has revealed that he was duped out of 70 million rupees ($833,000) by online scammers impersonating federal investigators and even the Supreme Court chief justice. The fraudsters posing as officers from India’s Central Bureau of Investigation (CBI) called SP Oswal, chairman and managing director of the textile manufacturer Vardhman, on August 28 ...