May 20, 2021
June 01, 2021
Summary of Findings
- APT groups are using ransomware functionality to enable and mask targeted data destruction, possibly for political reasons.
- DarkSide group has suspended its ransomware-as-a-service (RaaS) program, possibly due to disruptions to its infrastructure following the Colonial Pipeline attack.
- The rapid evolution of JSWorm ransomware from mass-scale operations to targeted threats showcases the investment by RaaS operators in new TTPs.
- The use of third-party loaders is helping ransomware syndicates like Conti grab a larger share of the market.
- Ransomware operators are adopting a new TTP to hinder incident response: deploying multiple variants with different encryption algorithms at the same target.
- Pakistan-linked APT36 is likely behind a spear phishing campaign against defense personnel in India, possibly for espionage purposes.
- A Brazilian banking trojan family has spread from South America to Europe, where it has been used to steal credentials from customers at dozens of banks.