In face of so many new ransomware brands, and still remaining RaaS operations such as Medusa, Qilin, and DragonForce, prioritizing is not an easy task to accomplish. However, despite the amount of groups conducting attacks for extortion, the TTPs do not change that much; unless we are talking about Cl0p, Akira and other groups that pose a high risk.
Therefore, to prevent your company from falling prey to opportunists looking for such low-hanging companies to attack, Group-IB’s Threat Intelligence Team decided to write a very straightforward report on TTPs of The Gentlemen; whose TTPs overlap with techniques of other financially motivated threat actors conducting intrusions for extortion. The information shared in this blog comes from intrusion analysis and underground private sources monitored by Group-IB’s Threat Intelligence Team. Thus, the information has a high confidence level.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Finland sees record number of data breach reports in 2023
June 18, 2024
A record high number of data breaches were reported to Finland’s Data Protection Ombudsman last year, according to a report by news group Uutissuomalainen. In total, the office received 6,900 data breach reports in 2023, an increase of 1,400 on the figure for 2022. Assistant Data Protection Ombudsman Heljä-Tuulia Pihamaa told Uutissuomalainen that the sharp rise ...
- Hackers are using fake Chrome, Word and OneDrive errors to trick people into installing malware
June 17, 2024
Proofpoint has observed an increase in a technique leveraging unique social engineering that directs users to copy and paste malicious PowerShell scripts to infect their computers with malware. Threat actors including initial access broker TA571 and at least one fake update activity set are using this method to deliver malware including DarkGate, Matanbuchus, NetSupport, and various ...
- Keytronic confirms data breach after Black Basta ransomware gang strikes again
June 17, 2024
Hardware firm Keytronic has confirmed a significant data breach weeks after the Black Basta ransomware group leaked over 500GB of the company’s stolen data around two weeks ago. The company, known for its printed circuit board assembly (PCBA), reported the cyberattack in an SEC filing over a month ago on May 6 – the attack was ...
- Malvertising Campaign Leads to Execution of Oyster Backdoor
June 17, 2024
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams. The installers were being used to drop a backdoor identified as Oyster, aka Broomstick. Following execution of the backdoor, we have observed enumeration commands indicative of hands-on-keyboard activity as well as the ...
- Philippines Maritime Industry Authority web-based systems hit by cyber attack
June 17, 2024
Four web-based systems belonging to the Maritime Industry Authority (MARINA) were “attacked and compromised” on Sunday, MARINA said Monday. MARINA said it deployed its concerned officials and employees to its Central Office to “to implement expeditious measure to ensure the protection of the integrity of the systems.” Read more… Source: MSN News Sign up for our Newsletter Related:
- UK: King Charles military badge rollout delayed over fears China could ‘use them for spying’
June 15, 2024
The introduction of military badges specially redesigned to mark King Charles’s accession to the throne has been delayed, with claims British Army chiefs fear the insignia could be made in China, enabling Beijing to insert tracking devices into them. Regiments which have a royal crest on their berets are changing “cap badges” from a design with ...