Imagine someone selling hacked access like real estate—unwitting gateways to ransomware attacks worth millions. The Volkov case lifts the veil on this shadowy cyber trade. Curious how it all unfolds?
#initialaccessbroker
#ransomware
#cybercrime
#volkovcase
#yanluowang
#lockbit
#cryptocurrency
#cybersecuritytrends
#lawenforcement
A user of DarkForums is selling an initial access to a Finnish video gaming company.
Access Type: SMB
OS: Windows
Revenue: 27.5 Million $
Price: 1,1k (XMR)
Defining a new methodology for modeling and tracking compartmentalized threats - In the evolving cyberthreat landscape, Cisco Talos is witnessing a significant shi... https://blog.talosintelligence.com/compartmentalized-threat-modeling/ #initialaccessbroker #landingpagetopstory #topstory
Redefining IABs: Impacts of compartmentalization on threat tracking and modeling - Cisco Talos has observed a growing trend of attack kill chains being split into tw... https://blog.talosintelligence.com/redefining-initial-access-brokers/ #initialaccessbroker #landingpagetopstory #topstory
Spam campaign targeting Brazil abuses Remote Monitoring and Management tools - Cisco Talos identified a spam campaign targeting Brazilian users with commercial remote m... https://blog.talosintelligence.com/spam-campaign-targeting-brazil-abuses-rmm-tools/ #initialaccessbroker #threatspotlight
Découvrez le rôle des "Initial Access Brokers", ces courtiers de l'ombre qui vendent des accès illégaux à des systèmes informatiques, à l'instar d'agents immobiliers vendant des propriétés, mais dans la cybercriminalité. 🕵️♂️ Ces intermédiaires facilitent les cyberattaques en réduisant le travail des hackers, rendant la prévention et la détection des menaces plus cruciales que jamais pour les entreprises. 🛡️ #Cybersécurité #InitialAccessBroker #Cybermenaces
https://www.lemagit.fr/conseil/Cybercriminalite-quest-ce-quun-courtier-en-acces-initial
More on this #Gootloader . It appears to be part of this August campaign: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/gootloader-why-your-legal-document-search-may-end-in-misery/
Make sure if you visit a site and get the WP forum page with the link (and you want the sample), that you download immediately. They have some cool evasion tricks such as x-pingback, etc. to look to see if you've visited before and meet criteria, in order to hide their payloads from researchers.
The cyber crims are working through the holidays, and so are we. Here's Monday's newsletter on all the developments in infosec, just for you:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-744?sd=pf
International law enforcement agencies notched up another win last week, having successfully taken down the notorious Initial Access Broker Genesis Marketplace last week - or did they? The site remains active and the admins appear to have gotten away unscathed, so what victory was there to be had?
#Microsoft, in collaboration with #Fortra and the Health ISAC, are commencing work to dismantle infrastructure used by actors abusing cracked versions of the offensive Cobalt Strike framework. It'll be an uphill battle, and it remains to be seen if they can make a dent in the sprawling global footprint achieved by the cyber crim's implant of choice.
Be warned - a PoC exploit has been released for a CVSS 10.0 Sandbox Escape vulnerability impacting the VM2 JavaScript Sandbox, which itself has >16 million monthly downloads on #npm. Researchers have also uncovered a vulnerability in #WiFi APs that could allow hijacking and snooping of client traffic; #Apple patches two actively exploited 0-days in #iOS, #iPadOS and #macOS, and #CISA urges patching of #Zimbra bugs exploited by Russian APTs.
The #redteam have some great tooling and tradecraft to help with Microsoft #MFA enumeration and performing port forwarding on compromised #Cisco gear, while the #blueteam are again spoiled for choice - a new database of exploited drivers, research on abuse of SFX archives for persistence, and threat models for #AWS KMS and CI/CD pipelines - take your pick!
Check out the newsletter and catch all this and much more excellent threat and tradecraft research, to help you gear up for the week ahead:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-744?sd=pf
Happy Easter Monday to everyone lucky enough to be enjoying the holiday, I hope you're all having a great break wherever you are, and a reminder that if you're travelling on the roads, to please drive safe!
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #newsletter #hacking #security #technology #hacker #vulnerability #vulnerabilities #exploit #PoC #malware #ransomware #dfir #soc #threatintel #threatintelligence #DarkWeb #CobaltStrike #IAB #InitialAccessBroker #GenesisMarketplace
Ares group selling access to the Mexican police system. Advertised capabilities are identifying and tracking gang members.
#CyberCrime #IAB #InitialAccessBroker #Gangcrime #InfoSec #Mexico
Who is the Network Access Broker ‘Wazawaka?’ - In a great many ransomware attacks, the criminals who pillage the victim’s network... https://krebsonsecurity.com/2022/01/who-is-the-network-access-broker-wazawaka/ #constellaintelligence #devdelphi@yandex.ru #initialaccessbroker #mikhailmixmatveev #neer-do-wellnews #mix@devilart.net #mixfb@yandex.ru #uhodiransomware #mikhailmatveev #cs-arena.org #breadcrumbs #domaintools #ransomware #flashpoint #ddosis.ru #kopyovo-a #darkside #wazawaka
Who is the Network Access Broker ‘Wazawaka?’ https://krebsonsecurity.com/2022/01/who-is-the-network-access-broker-wazawaka/ #ConstellaIntelligence #devdelphi@yandex.ru #initialaccessbroker #Ne'er-Do-WellNews #MikhailMixMatveev #mix@devilart.net #mixfb@yandex.ru #Uhodiransomware #MikhailMatveev #cs-arena.org #Breadcrumbs #domaintools #Ransomware #Flashpoint #ransomware #ddosis.ru #Kopyovo-a #DarkSide #Wazawaka #LockBit #902228 #Abakan #Abaza
