30. 04. 2024 Mirko Ioris SOCnews

SOC News | Apr 30 – New Cyber Attacker Groups Detected

During the last week of April, our Attacker Centric SOC detected multiple new cyber attacker group websites in the Dark Web. Called Dedicated Leak Sites (DLS), they are widely used by ransomware gangs to publish stolen confidential data when the victim refuses to pay the ransom. Usually, after an attack is claimed, a small amount of data is published to show proof of the attack’s success and induce the victim to pay.

We maintain a GitHub repository with a collection of Cyber Threat Intelligence (CTI) sources coming from the Deep and Dark Web. The last additions to the ransomware gangs were as follows:

  • EMBARGO (21/04/2024)
  • QIULONG (22/04/2024)
  • dAn0n (25/04/2024)
  • SpaceBears (29/04/2024)

The following are screenshots of the DLS:

EMBARGO Cyber Attacker DLS
dAn0n Cyber Attacker DLS
QIULONG Cyber Attacker DLS
SpaceBears Cyber Attacker DLS

Activities of these new groups are already being monitored by our Threat Intelligence Platform SATAYO.

Mirko Ioris

Mirko Ioris

Technical Consultant - Cyber Security Team | Würth Phoenix

Author

Mirko Ioris

Technical Consultant - Cyber Security Team | Würth Phoenix

Latest posts by Mirko Ioris

26. 04. 2024 SOCnews
SOC News | Apr 26 – ArcaneDoor: A New Espionage Campaign
24. 04. 2024 SOCnews
SOC News | Apr 24 – Full AMMEGA Data Breach Published
28. 03. 2024 SOCnews
SOC News | Mar 28 – New Vulnerabilities Added to the KEV Catalog
11. 03. 2024 SOCnews
SOC News | Mar 11 – JetBrains TeamCity Authentication Bypass Vulnerabilities
04. 01. 2024 Blue Team, SEC4U
Hacker Group Activities and Cyber Security Concerns | Second Semester 2023
See All

Related Content

Tags: , , , ,

26. 04. 2024 SOCnews

SOC News | Apr 26 – ArcaneDoor: A New Espionage Campaign

Cisco Talos identified a previously unknown state-sponsored actor behind ArcaneDoor, a sophisticated cyber espionage campaign targeting the perimeter network devices of several vendors. This actor is now tracked as UAT4356 by Talos and STORM-1849 by the Microsoft Threat Intelligence Center. The Read More
24. 04. 2024 SOCnews

SOC News | Apr 24 – Full AMMEGA Data Breach Published

Using our CTI SATAYO platform, we identified an artifact belonging to AMMEGA's data breach. AMMEGA is a multinational manufacturing company based in the Netherlands with revenues of $1.2 billion. It was the victim of an attack carried out by the Read More
28. 03. 2024 SOCnews

SOC News | Mar 28 – New Vulnerabilities Added to the KEV Catalog

On March 25, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The catalog is updated regularly and contains those vulnerabilities most likely to be used in attacks. Organizations should monitor Read More
15. 03. 2024 Blue Team, SEC4U

SATAYO and SOC: in the New Midlands

This article explains how the Cyber Threat Intelligence platform SATAYO serves as a powerful resource to optimize processes and strengthen threat coverage within the Würth Phoenix Attacker Centric SOC. We will analyze the utilization of SATAYO's internal resources for creating Read More
11. 03. 2024 SOCnews

SOC News | Mar 11 – JetBrains TeamCity Authentication Bypass Vulnerabilities

On March 4, 2024, JetBrains released TeamCity version 2023.11.4, which patches two authentication bypass vulnerabilities in the web component of TeamCity. These vulnerabilities were discovered in February by Rapid7’s vulnerability research team and allow a remote unauthenticated attacker to perform Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive