May 20, 2021
Earlier
Latest
June 01, 2021
Rapid TTP Development and Syndicate Adoption Ignite Q2 Ransomware Explosion
Summary of Findings
- APT groups are using ransomware functionality to enable and mask targeted data destruction, possibly for political reasons.
- DarkSide group has suspended its ransomware-as-a-service (RaaS) program , possibly due to disruptions to its infrastructure following the Colonial Pipeline attack.
- The rapid evolution of JSWorm ransomware from mass-scale operations to targeted threats showcases the investment by RaaS operators in new TTPs.
- The use of third-party loaders is helping ransomware syndicates like Conti grab a larger share of the market.
- Ransomware operators are adopting a new TTP to hinder incident response: deploying multiple variants with different encryption algorithms at the same target.
- Pakistan-linked APT36 is likely behind a spear phishing campaign against defense personnel in India, possibly for espionage purposes.
- A Brazilian banking trojan family has spread from South America to Europe, where it has been used to steal credentials from customers at dozens of banks.
Popular
July 30, 2020
CTI Investigation into COVID-19 Contact Tracing Apps
In cooperation with the ThreatFabric research team.
Explore topics
Threats and Vulnerabilities Intelligence Research Malware Ransomware Threat Intelligence Industry STIX and TAXII COVID-19 Threat Intelligence Platform Product MSSP and MDR Corporate Phishing Technical XDR