DarkSide ransomware gang returns as new BlackMatter operation

Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities. After conducting an attack on Colonial Pipeline, the US’s largest fuel Read More …

Security team finds Crimea manifesto buried in VBA Rat using double attack vectors

Hossein Jazi and Malwarebytes’ Threat Intelligence team released a report on Thursday highlighting a new threat actor potentially targeting Russian and pro-Russian individuals. The attackers included a manifesto about Crimea, indicating the attack may have been politically motivated. The attacks Read More …

THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group

While monitoring the Microsoft Exchange Server attacks in March 2021, Unit 42 researchers identified a PlugX variant delivered as a post-exploitation remote access tool (RAT) to one of the compromised servers. The variant observed by Unit 42 is unique in Read More …

FIN7’s Liquor Lure Compromises Law Firm with Backdoor

Financial cybercrime gang FIN7 has rebounded after the jailing of some key members, launching a campaign that uses as a lure a legal complaint involving the liquor company that owns Jack Daniels whiskey. The gambit successfully compromised at least one Read More …

Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise

Mandiant observed DARKSIDE affiliate UNC2465 accessing at least one victim through a Trojanized software installer downloaded from a legitimate website. While this victim organization detected the intrusion, engaged Mandiant for incident response, and avoided ransomware, others may be at risk. Read More …

Russian gang behind SolarWinds hack returns with phishing attack disguised as mail from US aid agency

Nobelium, the Russia-aligned gang identified as the perpetrators of the supply chain attack on SolarWinds’ Orion software, has struck again, Microsoft vice president Tom Burt in a blogpost Thursday. Burt’s post says the attacks saw Nobelium gain access to accounts Read More …