anydesk (4)

12304219682?profile=RESIZE_400xThe ransomware strain known as Play is now being offered to other threat actors "as a service."  The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the Ransomware-as-a-Service (RaaS) and are following step-by-step instructions from playbooks delivered with it.

Cybercriminals are increasingly finding it just as lucrative to hire their toolkits out to other crooks so they can launch attacks of their own.  Investigator

11027054077?profile=RESIZE_400xThe purpose of this report is to detail the artifacts left by a third-party remote access tool during its setup and use. A third-party remote access tool allows people not physically in contact with a device to control, interact with it, and see its screen.  Tools that do not allow visual interaction such as PsExec are not included in this study. 

The motivation to do this study came from a tweet made by @IcsNick, listing "Remote Admin Tools that are abused by threat actors"1.  Indeed, threat ac

10973825883?profile=RESIZE_400xBack in the late 1960’s there was a film called, The Good, the Bad and the Ugly.  It was a story of three outlaw cowboys who exhibited these three moral traits.  Sentinel Labs are now sharing a story of the modern day The Good, the Bad and the Ugly.

The Good - The man behind the development and sale of the NLBrute password-hacking tool was extradited to the United States this week.  Known by his alias, dpxaker, US officials charged Russian national Dariy Pankov with computer and access device fr

10764242687?profile=RESIZE_400xThe threat actor who recently breached Twilio systems also targeted Cloudflare, and a few of the web security company’s employees fell for the phishing messages.   Twilio recently revealed that it became aware of unauthorized access to some of its systems on 04 August 2022.  An investigation showed that the attackers had tricked some of its employees into providing their credentials, which they then used to access internal systems and obtain customer data.[1]   The threat actor sent phishing tex