Emerging in early 2023, the Howling Scorpius ransomware group is the entity behind the Akira ransomware-as-a-service (RaaS), which has consistently ranked in recent months among the top five most active ransomware groups. Its double extortion strategy significantly amplifies the threat it poses.
Unit 42 researchers have been monitoring the Howling Scorpius ransomware group over the past year. Howling Scorpius targets small to medium-sized businesses in North America, Europe and Australia, across various sectors. Affected industries include education, consulting, government, manufacturing, telecommunications, technology and pharmaceuticals.
Read more…
Source: Palo Alto Unit 42
Related:
- U.S. Wiretap Systems Targeted in China-Linked Hack
October 5, 2024
A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests. For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to ...
- From 12 to 21: How Kaspersky discovered connections between the Twelve and BlackJack groups
September 25, 2024
While analyzing attacks on Russian organizations, Kaspersky team regularly encounters overlapping tactics, techniques, and procedures (TTPs) among different cybercrime groups, and sometimes even shared tools. Kaspersky researchers recently discovered one such overlap: similar tools and tactics between two hacktivist groups – BlackJack and Twelve, which likely belong to a single cluster of activity. In this report, ...
- Staying a Step Ahead: Mitigating the DPRK IT Worker Threat
September 23, 2024
Since 2022, Mandiant has tracked and reported on IT workers operating on behalf of the Democratic People’s Republic of Korea (DPRK). These workers pose as non-North Korean nationals to gain employment with organizations across a wide range of industries in order to generate revenue for the North Korean regime, particularly to evade sanctions and fund ...
- UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks
September 19, 2024
UNC1860 is a persistent and opportunistic Iranian state-sponsored threat actor that is likely affiliated with Iran’s Ministry of Intelligence and Security (MOIS). A key feature of UNC1860 is its collection of specialized tooling and passive backdoors that Mandiant believes supports several objectives, including its role as a probable initial access provider and its ability to gain ...
- Chinese APT Abuses VSCode to Target Government in Asia
September 6, 2024
Unit 42 researchers recently found that Stately Taurus abused the popular Visual Studio Code software in espionage operations targeting government entities in Southeast Asia. Stately Taurus is a Chinese advanced persistent threat (APT) group that carries out cyberespionage attacks. This threat actor used Visual Studio Code’s embedded reverse shell feature to gain a foothold in target ...
- Tropic Trooper spies on government entities in the Middle East
September 5, 2024
Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Kaspersky recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle ...