SOC News | Apr 30 – New Cyber Attacker Groups Detected
During the last week of April, our Attacker Centric SOC detected multiple new cyber attacker group websites in the Dark Web. Called Dedicated Leak Sites (DLS), they are widely used by ransomware gangs to publish stolen confidential data when the victim refuses to pay the ransom. Usually, after an attack is claimed, a small amount of data is published to show proof of the attack’s success and induce the victim to pay.
We maintain a GitHub repository with a collection of Cyber Threat Intelligence (CTI) sources from the Deep and Dark Web. The latest additions to its list of ransomware gangs are:
EMBARGO (21/04/2024)
QIULONG (22/04/2024)
dAn0n (25/04/2024)
SpaceBears (29/04/2024)
The following are screenshots of the DLS:
Activities of these new groups are already being monitored by our Threat Intelligence Platform SATAYO.
Mirko Ioris
Technical Consultant - Cyber Security Team | Würth IT Italy