Over the last two weeks, we saw the new BianLian ransomware gang, used subtle techniques to exploit, enumerate, and move laterally in victim networks to remain undetected and aggressively worked to counter Endpoint Detection & Response (EDR) protections during the encryption phase of their operations. Also, Cisco confirms Yanluowang ransomware leaked stolen company data.
For more articles, check out our #onpatrol4malware blog.
Cisco confirms Yanluowang ransomware leaked stolen company data
Cisco has confirmed that the data leaked yesterday by the Yanluowang ransomware gang was stolen from the company network during a cyberattack in May. Read more.
Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection
Source: Sentinel LABS
A new trend on the ransomware scene – intermittent encryption, or partial encryption of victims’ files. This encryption method helps ransomware operators to evade detection systems and encrypt victims’ files faster. Read more.
Lazarus and the tale of three RATs
Source: Cisco TALOS
Cisco Talos observed North Korean state-sponsored APT Lazarus Group conducting malicious activity between February and July 2022.Lazarus has been previously attributed to the North Korean government by the U.S. CISA. Read more.
APT42: Crooked Charms, Cons, and Compromises
An Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations of strategic interest to the Iranian government. Read more.
BianLian Ransomware Gang Gives It a Go!
BianLian used subtle techniques to exploit, enumerate, and move laterally in victim networks to remain undetected and aggressively worked to counter Endpoint Detection & Response (EDR) protections during the encryption phase of their operations. Read more.
Mirai Variant MooBot Targeting D-Link Devices
In early August, Unit 42 researchers discovered attacks leveraging several vulnerabilities in devices made by D-Link, a company that specializes in network and connectivity products.. Read more.
EvilProxy Phishing-as-a-Service with MFA Bypass Emerged in Dark Web
Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. Read more.