Initial access broker repurposing techniques in targeted attacks against Ukraine

As the war in Ukraine continues, TAG is tracking an increasing number of financially motivated threat actors targeting Ukraine whose activities seem closely aligned with Russian government-backed attackers. This post provides details on five different campaigns conducted from April to Read More …

Exotic Lily: Exposing initial access broker with ties to Conti

In early September 2021, Threat Analysis Group (TAG) observed a financially motivated threat actor we refer to as EXOTIC LILY, exploiting a 0day in Microsoft MSHTML (CVE-2021-40444). Investigating this group’s activity, we determined they are an Initial Access Broker (IAB) Read More …

Cybercriminals sell access to international shipping, logistics giants

Cybercriminals are offering initial access for networks belonging to key players in global supply chains, researchers warn. On Tuesday, Intel 471 published an analysis of current black market trends online, revealing instances of initial access brokers (IABs) offering access to Read More …