Monthly Threat Highlights Report
Insights from the cyber threat landscape - courtesy of WithSecure™ Countercept's own Threat Intelligence team.
Latest highlights
July 2022
- Trickbot group attacks Ukraine
- Brute Ratel being abused by threat actors
- Black Basta on the rise
- Ransomware: Trends and notable reports
- BlackCat under the spotlight
- Vice Society
- A closer look at LockBit 3.0
- Hive joins BlackCat in using Rust
- CISA produces alert on MedusaLocker
- HavanaCrypt, a new group with novel tactics
- Q2 statistics from Digital Shadows
- Other notable highlights in brief
- Threat data highlights
- Research highlights: Ducktail: An infostealer malware targeting Facebook business accounts
June 2022
- Follina, an exploited vulnerability in MSDT
- Emotet back at full power
- State-backed actors target Confluence vulnerability
- Law enforcement takes down Flubot
- Ransomware: Trends and notable reports
- A look at the ransomware ecosystem
- LockBit is updated to 3.0
- An advisory on Karakurt
- “Ransomware” targeting Elasticsearch
- The costs of ransomware to businesses
- Other notable highlights in brief
- Research highlights: WithSecure™ ransomware threat update
May 2022
- Advisory on initial access techniques
- Emotet back at full power
- BPFDoor, an insidious backdoor
- Ransomware: Trends and notable reports
- Is this the end of Conti?
- Iran is carrying out ransomware attacks
- Operator of Thanos builder charged
- The return of REvil?
- Other notable highlights in brief
April 2022
- CNI targeted with ICS malware
- MFA Fatigue: A new attack technique
- The disruption of ZLoader
- A breakdown of ContiLeaks
- RANSOMWARE: Trends and Notable Reports
- A look at Blackcat/ALPHV
- Russia in the crosshairs
- Quantum: a 4-hour attack
- LockBit strikes Rio de Janeiro finance department
- BlackByte breakdown
- Nokoyawa, a Nemty strain
- Other Notable Highlights in Brief
March 2022
- Okta LAPSUS$ Compromise
- Heightened Awareness of Russian Threat Activity
- Chinese backed actor APT41 attacks US government
- Initial access broker for Conti uses complex social engineering
- RANSOMWARE: Trends and Notable Reports
- RURansom targets Russia
- Advisory on AvosLocker
- HermeticRansom can be decrypted
- Sophos collates their ransomware research
- An analysis of LockBit 2.0
- Estonian imprisoned for connection with ransomware and cybercrime
- Other Notable Highlights in Brief
Previous reports
February 2022
- RUSSIA-UKRAINE CONFLICT: Related cyber activity
- SANDWORM: Using new malware Cyclops Blink
- KARAKURT: A threat actor focused on extortion
- DAXIN: A Chinese-linked espionage tool
- RANSOMWARE: Trends and Notable Reports
- Recovery of data encrypted by Hive ransomware
- Joint advisory on ransomware
- CONTI Leaks
- Other Notable Highlights in Brief
January 2022
- UKRAINE: Defacements and WhisperGate Wiper
- CISA: Russian Nation State Threats
- Log4j: A Pervasive Library Vulnerability
- SYSJOKER: New Backdoor Targets Windows, Mac and Linux
- EARTHLUSCA: Financially Motivated Chinese Threat Actor
- RANSOMWARE: Trends and Notable Reports
- REvil Associates Arrested
- Europol shuts down VPNLab servers
- Other Ransomware Group Insights
- Other Notable Highlights in Brief
November 2021
- IRANIAN ACTORS: Evolving Trends
- DEV-0322: ManageEngine Exploitation
- RANSOMWARE: Trends and Notable Reports
- Targeting Victims of Significant Financial Events
- US Law Enforcement and Sanctions
- TA505 Exploiting Serv-U Vulnerability
- Other Ransomware Group Insights
- Other Notable Highlights in Brief
October 2021
- MYSTERYSNAIL: Exploits Windows Zero Day
- ESPECTER: A Real World UEFI Bootkit
- RANSOMWARE: Trends and Notable Reports
- US Treasury Financial Trends Report
- VirusTotal Global Ransomware Context Report
- BlackMatter Ransomware
- Ransomware
- Tradecraft Evolutions
September 2021
- FAMOUSSPARROW: New APT targeting international hotels
- OMIGOD VULNERABILITIES: Exploitation in Microsoft’s Open Management Infrastructure (OMI)
- CONFLUENZA: Critical OGNL injection vulnerability being exploited
- RANSOMWARE HIGHLIGHTS: BlackMatter, US government sanctions against cryptocurrency exchange, CISA advisory on CONTI ransomware
August 2021
- SHADOWPAD: A modular malware platform of Chinese origin
- RANSOMWARE: LockBit 2.0, vulnerability exploitation and a disgruntled affiliate
- INKYSQUID: Web browser exploits used to infect victims
July 2021
- NSO Pegasus spyware targeting human rights activists
- APT31 exploiting home routers in attack against French organizations
- GRU global brute forcing campaigns
- REvil ransomware exploits Kaseya VSA software to attack their customers
- CISA, NCSC, ACSC & FBI report on top routinely exploited vulnerabilities
June 2021
- Siloscape: A cloud-native attack targeting Windows containers
- GELSEMIUM: Operation NightScout supply chain attack
- ATM Jackpotting: Exploiting NFC vulnerability
- SITA: Data breach affecting Air India linked to APT41
- Data Breaches: McDonald's South Korea and Volkswagen
April 2021
- Pulse Secure VPN Vulnerabilities Actively Exploited In The Wild
- SonicWall Email Security Product Zero Days Under Active Exploitation
- US Government Attributes SolarWinds Campaign To Russian SVR
- Codecov Supply Chain Breach
- Lazarus Group: Vyveva Backdoor
- Facebook And LinkedIn Data Leaks
March 2021
- ProxyLogon: Microsoft Exchange Zero-day Vulnerabilities Crisis
- UNC2452/Nobelium: New Second-stage Malware Discovered
- Supernova Webshell: Spiral Threat Group Targeted SolarWinds
- Operation Dianxun: Mustang Panda’s Latest Campaign Targeting Telecommunications
- Accellion FTA Vulnerability: Shell Energy Company, Qualys Cyber Security Firm And Flagstar Bank
- Indrik Spider: Changing TTPs In Response To Sanctions
- Red Echo Targeting Indian Critical Infrastructure: China-indian Geopolitical Tensions
- APT10 Delivering Multi-layered Loader Ecipekac In A41APT Campaign
February 2021
- Silver Sparrow, a macOS malware compiled for Apple’s new M1 ARM64 chip architecture was identified infecting a large number of endpoints
- ANSSI disclosed a three-year campaign by the Sandworm threat actor targeting the IT monitoring software company Centreon
- A water treatment facility was compromised in the US and chemical levels in the water altered after an actor gained access via TeamViewer
- CISA reported on activity by an APT group linked to the DPRK targeting organizations involved in the Cryptocurrency vertical
- Multiple vulnerabilities in Accellion’s File Transfer Appliance (FTA) exploited for data theft and extortion of victims
- Operation NightScout: A supply chain compromise of gamers in Asia through BigNox's NoxPlayer delivers surveillance-related malware
- Lazarus group targeting defense industry with spearphishing and ThreatNeedle malware cluster to steal sensitive data