Emerging in early 2023, the Howling Scorpius ransomware group is the entity behind the Akira ransomware-as-a-service (RaaS), which has consistently ranked in recent months among the top five most active ransomware groups. Its double extortion strategy significantly amplifies the threat it poses.
Unit 42 researchers have been monitoring the Howling Scorpius ransomware group over the past year. Howling Scorpius targets small to medium-sized businesses in North America, Europe and Australia, across various sectors. Affected industries include education, consulting, government, manufacturing, telecommunications, technology and pharmaceuticals.
Read more…
Source: Palo Alto Unit 42
Related:
- Volt Typhoon Actors Exploiting Insecure SOHO Routers
January 31, 2024
Threat actors—particularly the People’s Republic of China (PRC)—sponsored Volt Typhoon group—are compromising small office/home office (SOHO) routers by exploiting software defects that manufacturers must eliminate through secure software design and development. Specifically, Volt Typhoon actors are exploiting security defects in SOHO routers to use them as launching pads to further compromise U.S. critical infrastructure entities. CISA ...
- Blackwood APT Group Has a New DLL Loader
January 29, 2024
This week, the SonicWall Capture Labs threat research team analyzed a sample tied to the Blackwood APT group. This is a DLL that, when loaded onto a victim’s computer, will escalate privileges and attempt to install a backdoor for communications monitoring and diversion. It has evasive capabilities and, as of this writing, is targeting companies and ...
- HP Enterprise was hacked by the same Russian state-sponsored group that targeted Microsoft
January 25, 2024
HP Enterprise was infiltrated by a hacking group linked to Russian intelligence last year, the business IT company has revealed in a Securities and Exchange Commission filing. The threat actor is believed to be Midnight Blizzard, also known as Cozy Bear, which was the same group that recently breached the email accounts of several senior executives ...
- Russian hackers attack Ukraine MoD resources
January 25, 2024
Cyber attacks by Russian government-funded groups on the resources run by the Ministry of Defense using phishing, distribution of remote code execution malware, and blocking of access to web resources have been recorded. “Last day, attacks on Ukraine’s government and commercial sectors were recorded. Also, attacks by Russia-funded hacker groups were launched on the resources of ...
- Microsoft actions following attack by nation state actor Midnight Blizzard
January 19, 2024
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium. Beginning in ...
- Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021
January 19, 2024
While publicly reported and patched in October 2023, Mandiant and VMware Product Security have found UNC3886, a highly advanced China-nexus espionage group, has been exploiting CVE-2023-34048 as far back as late 2021. These findings stem from Mandiant’s continued research of the novel attack paths used by UNC3886, which historically focuses on technologies that are unable to ...