Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

July 17, 2024 at 02:54AM Cybercrime group Scattered Spider has integrated ransomware strains RansomHub and Qilin in its activities, per Microsoft. Scattered Spider employs social engineering to breach and persist in targets, with a history of targeting VMware ESXi servers. RansomHub, a widely used ransomware, has been linked to various threat actors. Microsoft urges security …

Microsoft links Scattered Spider hackers to Qilin ransomware attacks

July 16, 2024 at 09:42AM Microsoft revealed that the Scattered Spider cybercrime gang has incorporated Qilin ransomware into its attacks, notably affecting high-profile organizations. The FBI and CISA issued an advisory on the gang’s tactics, including impersonating IT employees and using phishing and MFA bombing for network access. Qilin’s advanced Linux encryptors target VMware ESXi …

Scattered Spider Pivots to SaaS Application Attacks

June 18, 2024 at 09:08AM The recent attacks on customer accounts hosted on the Snowflake data warehousing platform may indicate a shift towards targeting SaaS application environments by threat actors. A threat group, UNC3944, has broadened its focus to enterprise SaaS applications and uses tactics like ransomware attacks, credential phishing, social engineering, and creating new …

Notorious cyber gang UNC3944 attacks vSphere and Azure to run VMs inside victims’ infrastructure

June 17, 2024 at 02:42AM The notorious cyber gang UNC3944, implicated in recent attacks on Snowflake and MGM Entertainment, is now targeting SaaS applications. They have shifted to primarily focusing on data theft extortion without using ransomware and employ social engineering tactics to compromise high-privilege accounts. UNC3944 has expanded its targets to include various SaaS …

Scattered Spider Casino Hackers Evade Arrest in Plain Sight

November 17, 2023 at 03:56PM The cybercrime group known as Scattered Spider has been able to successfully attack US organizations without being disrupted or arrested, despite federal law enforcement being aware of their identities for over six months. The FBI and CISA have released an advisory to help organizations defend against Scattered Spider, but it …

FBI shares tactics of notorious Scattered Spider hacker collective

November 16, 2023 at 04:56PM The FBI and CISA have released an advisory on the threat actor known as Scattered Spider. They collaborate with the ALPHV/BlackCat Russian ransomware operation and use social engineering, phishing, and SIM swapping to gain network access. The group consists of young English-speaking members and is known to target large organizations. …

Octo Tempest Group Threatens Physical Violence As Social Engineering Tactic

October 27, 2023 at 03:15PM Microsoft’s Incident Response and Threat Intelligence team has labeled Octo Tempest, a financially motivated hacking group, as one of the most dangerous criminal groups. The group has been active since early 2022, initially targeting telecom and outsourcing companies with SIM swap attacks. They later shifted to extortion using stolen data …

Microsoft: 0ktapus Cyberattackers Evolve to ‘Most Dangerous’ Status

October 26, 2023 at 02:21PM Microsoft has identified the cyberattack group known as 0ktapus as one of the most dangerous financial criminal groups. The group, also referred to as Scatter Swine or Octo Tempest, uses advanced techniques such as adversary-in-the-middle tactics, social engineering, and SIM swapping. They have been involved in cryptocurrency theft, data-leak extortion, …