In face of so many new ransomware brands, and still remaining RaaS operations such as Medusa, Qilin, and DragonForce, prioritizing is not an easy task to accomplish. However, despite the amount of groups conducting attacks for extortion, the TTPs do not change that much; unless we are talking about Cl0p, Akira and other groups that pose a high risk.
Therefore, to prevent your company from falling prey to opportunists looking for such low-hanging companies to attack, Group-IB’s Threat Intelligence Team decided to write a very straightforward report on TTPs of The Gentlemen; whose TTPs overlap with techniques of other financially motivated threat actors conducting intrusions for extortion. The information shared in this blog comes from intrusion analysis and underground private sources monitored by Group-IB’s Threat Intelligence Team. Thus, the information has a high confidence level.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- London Fire Brigade block almost 340,000 cyber attacks
October 8, 2024
The London Fire Brigade, the fire and rescue service for the UK’s capital, has been targeted by nearly 340,000 cyber-attacks over the past year. The data was collected under the Freedom of Information Act (FOI), and analysed by the Parliament Street think tank, observing the number of blocked email attacks by the department. In total, the ...
- Wreaking havoc in cyberspace: threat actors experiment with pentest tools
October 8, 2024
In recent months, adversaries have increasingly opted for the Havoc post‑exploitation framework. The tool is less popular compared to Cobalt Strike, Metasploit, and Sliver. According to BI.ZONE Threat Intelligence, this C2 framework is employed in an attempt to evade cybersecurity systems that may not flag an unknown program as malicious. For instance, such was the approach of ...
- Awaken Likho is awake: new techniques of an APT group
October 7, 2024
In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, Kaspersky began tracking it, and published three reports in August and September 2024 through their threat research subscription on the threat actor they named Awaken Likho (also named by other vendors as Core Werewolf). While investigating ...
- iPhone flaw could read your saved passwords out loud – update now
October 7, 2024
Apple has issued security updates for iOS 18.0.1 and iPadOS 18.0.1 which includes a fix for a bug that could allow a user’s saved passwords to be read aloud by its VoiceOver feature. VoiceOver allows users to use their iPhone or iPad even if they can’t see the screen. It gives audible descriptions of what’s on ...
- UK’s Sellafield nuclear waste processing plant fined £333K for infosec blunders
October 4, 2024
The outfit that runs Britain’s Sellafield nuclear waste processing and decommissioning site has been fined £332,500 ($440,000) by the nation’s Office for Nuclear Regulation (ONR) for its shoddy cybersecurity practices between 2019 and 2023. Sellafield, located in Cumbria, England, manages more radioactive waste than any other nuclear site in the world, and decommissioning work happening at ...
- Zimbabwe faces alarming rise in cyber attacks amid bank hacking
October 3, 2024
Zimbabwe has witnessed a significant surge in cyber attacks in recent months, with local entities, including banks, falling victim to hacking, the country’s Minister of Information Communication Technology, Tatenda Mavetera has revealed. Mavetera said the threat is also a local phenomenon, citing recent bank hacks in the country. Mavetera stated that cybercrime is not just a ...