SOC News | Apr 30 – New Cyber Attacker Groups Detected
During the last week of April, our Attacker Centric SOC detected several new cyber attacker group websites on the Dark Web. Known as Dedicated Leak Sites (DLS), these sites are widely used by ransomware gangs to publish stolen confidential data when a victim refuses to pay the ransom. Usually, once an attack is claimed, the gang publishes a small sample of the stolen data as proof that the attack succeeded and to pressure the victim into paying.
We maintain a GitHub repository with a collection of Cyber Threat Intelligence (CTI) sources gathered from the Deep and Dark Web. The latest additions to its list of ransomware gangs are the following:
EMBARGO (21/04/2024)
QIULONG (22/04/2024)
dAn0n (25/04/2024)
SpaceBears (29/04/2024)
The following are screenshots of the DLS:
The activities of these new groups are already being monitored by SATAYO, our Threat Intelligence Platform.