Security News

FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials
2024-01-16 17:34

CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads. "Androxgh0st is a Python-scripted malware primarily used to target .env files that contain confidential information, such as credentials for various high profile applications," the two agencies cautioned.

FBI: ALPHV ransomware raked in $300 million from over 1,000 victims
2023-12-19 19:32

The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation. "ALPHV Blackcat affiliates have extensive networks and experience with ransomware and data extortion operations," the FBI says.

How the FBI seized BlackCat (ALPHV) ransomware’s servers
2023-12-19 17:27

An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operation's websites and seized the associated URLs. "As a result, the FBI identified and collected 946 public/private key pairs for Tor sites that the Blackcat Ransomware Group used to host victim communication sites, leak sites, and affiliate panels like the ones described above."

FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool
2023-12-19 15:52

The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that victims can use to regain access to files locked...

FBI develops decryptor for BlackCat ransomware, seizes gang's website
2023-12-19 14:59

"As a result of our office's tireless efforts, alongside FBI Miami, US Secret Service, and our foreign law enforcement partners, we have provided BlackCat's victims, in the Southern District of Florida and around the world, the opportunity to get back on their feet and to fortify their digital defenses. We will continue to focus on holding the people behind the BlackCat ransomware group accountable for their crimes." An AlphV admin said the law enforcement agencies only had access to a "Stupid old key" for the old blog site which was deleted by the group a long time ago and has since not been used.

FBI disrupts Blackcat ransomware operation, creates decryption tool
2023-12-19 14:16

The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. With this access, the FBI silently monitored the ransomware operation for months, siphoning decryption keys and sharing them with over 500 victims so that they did not have to pay a ransom for a decryptor.

Qakbot's backbot: FBI-led takedown keeps crims at bay for just 3 months
2023-12-19 09:26

Multiple sources are confirming the resurgence of Qakbot malware mere months after the FBI and other law enforcement agencies shuttered the Windows botnet. Microsoft Threat Intelligence reckons a new Qakbot phishing campaign is active as of December 11 but attack attempts are currently low in volume.

FBI: Play ransomware breached 300 victims, including critical orgs
2023-12-18 16:24

The Federal Bureau of Investigation says the Play ransomware gang breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities. "Since June 2022, the Play ransomware group has impacted a wide range of businesses and critical infrastructure in North America, South America, and Europe," the three government agencies cautioned today.

Look out, Scattered Spider. FBI pumps 'significant' resources into snaring data-theft crew
2023-11-17 00:11

Absence of arrests doesn't mean nothing's happening, cyber-cops insist. The FBI is applying "significant" resources to find members of the infamous Scattered Spider cyber-crime crew, which...

FBI shares tactics of notorious Scattered Spider hacker collective
2023-11-16 21:55

Scattered Spider attacks have been documented since last summer, when researchers at cybersecurity company Group-IB published a report about a spree of attacks aiming to steal Okta identity credentials and 2FA codes, which had started in March of the same year. The FBI and CISA alert highlights Scattered Spider's powerful initial access tactics that involve targeting a company's employees by posing as IT or help-desk staff and tricking them into providing credentials or even direct network access.