Multiple ransomware data leak sites experience DDoS attacks, facing intermittent outages and connectivity issues
September 7, 2022 11:09
Cisco Talos has been monitoring suspected distributed denial-of-service (DDoS) attacks resulting in intermittent downtime and outages affecting several ransomware-as-a-service (RaaS) data leak sites.
De-anonymizing ransomware domains on the dark web
June 28, 2022 08:06
* We have developed three techniques to identify ransomware operators' dark websites hosted on public IP addresses, allowing us to uncover previously unknown infrastructure for the DarkAngels, Snatch, Quantum and Nokoyawa ransomware groups.
* The methods we used to identify the public internet IPs involved matching threat actors’ TLS certificate serial numbers
Avos ransomware group expands with new attack arsenal
June 21, 2022 07:06
By Flavio Costa,
* In a recent customer engagement, we observed a month-long AvosLocker campaign.
* The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners.
* The initial ingress point in this incident was a pair of VMware Horizon Unified Access Gateways that were vulnerable to Log4Shell.