CarderPlanet
The group managed to level up to the maximum. Who are its allies?
Cybersecurity experts are monitoring the activity of a new cybercrime group known as ShadowSyndicate (formerly Infra Storm).
According to a joint technical report by Group-IB and Bridewell, hackers collaborate with multiple groups and use at least 7 ransomware families.
Starting from July 16, 2022, attackers interacted with a number of ransomware programs, including Quantum, Nokoyawa, BlackCat, Royal, Cl0p, Cactus, and Play. After the operation, programs like Cobalt Strike and Sliver were used, as well as loaders: for example, IcedID and Matanbuchus.
Researchers found a characteristic SSH fingerprint on 85 servers. Of these servers, 52 were used to manage and coordinate malicious activities using the "Cobalt Strike" tool. We also found 8 different keys for activating this tool.
Most of the servers are located in Panama (23), Cyprus (11), Russia (9), and the Seychelles (8). Group-IB also identified cross-links between ShadowSyndicate and other malware such as TrickBot, Ryuk/Conti, FIN7, and TrueBot.
"Of the 149 IP addresses associated with the Cl0p group, 12 have changed ownership to ShadowSyndicate since August 2022. So, it is possible that the groups somehow share the infrastructure," the experts noted.
The global cybersecurity community is alarmed by the increased activity of hackers. This is confirmed by recent events in Germany, where law enforcement agencies detained two key figures of the DoppelPaymer group: a 44-year-old Ukrainian and a 45-year-old local resident.
The Snatch group, which has been attacking critical infrastructure facilities in the United States and other countries since mid-2021, has drawn the attention of the FBI and CISA.
Experts are particularly concerned about the activities of the Akira group: since March of this year, it has carried out more than a hundred successful attacks on targets in the United States and Great Britain.
Insurance claims related to cyber incidents in the United States have increased significantly this year. The average financial damage from a single attack exceeds $365,000.
However, there are some positive aspects. According to recent data from GuidePoint and NCC Group, August 2023 showed a 20% decrease in ransomware activity. Only the LockBit group did not reduce its activity, with 124 attacks per month to its name.