Russian spies use remote desktop protocol files in unusual mass phishing drive

October 30, 2024 at 08:48AM Microsoft reports a two-week mass phishing campaign by Russia’s SVR, targeting over 100 organizations through novel techniques, including remote desktop protocol (RDP) configuration files. The campaign, which began on October 22, impersonates Microsoft and other providers, primarily affecting entities in the UK, Europe, Australia, and Japan. …

Microsoft: US Healthcare Sector Targeted by INC Ransomware Affiliate

September 19, 2024 at 08:36AM Microsoft warns of the INC ransomware used by threat actor Vanilla Tempest to target US healthcare organizations. The attacker leverages Gootloader malware to expand network access, utilizing tools like AnyDesk, MEGA, RDP, and WMI Provider Host to execute the ransomware payload. They have been active for at least two years …

New GootLoader Malware Variant Evades Detection and Spreads Rapidly

November 7, 2023 at 07:36AM GootBot is a new variant of the GootLoader malware that allows attackers to move laterally on compromised systems undetected. It is a lightweight but effective malware that spreads quickly and deploys further payloads. GootBot connects to compromised WordPress sites for command and control, making it difficult to block. As a …

Gootloader Aims Malicious, Custom Bot Army at Enterprise Networks

November 6, 2023 at 04:50PM The Gootloader Group, previously known for being an initial access broker and malware operator, has developed a new tool called GootBot. GootBot spreads bots in enterprise environments after compromising them. This new tool is more destructive and difficult to detect. Each bot is controlled by its own command-and-control server, and …

Admin behind E-Root stolen creds souk extradited to US

October 20, 2023 at 03:47PM Sandu Diaconu, a Moldovan national, has been extradited from the UK to the US to face trial for allegedly operating the illicit marketplace E-Root. The marketplace specialized in selling access to compromised servers and facilitated various illegal activities, including ransomware attacks and fraud. The investigation uncovered over 350,000 compromised credentials …

Everest cybercriminals offer corporate insiders cold, hard cash for remote access

October 12, 2023 at 09:57AM The Everest ransomware group is seeking to recruit corporate insiders to gain access to corporate networks directly. The group is offering a percentage of the profits from successful attacks to those who assist in the initial intrusion, promising transparency and confidentiality. Everest is specifically targeting organizations in the US, Canada, …