X-Industry

The banking malware known as Carbanak has been observed to be used in ransomware attacks with updated tactics.  The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness.  Carbanak returned in November 2023 through new distribution chains and has been distributed through compromised websites to impersonate various business-related software.

See:  https://redskyalliance.org/Finance/never-take-malware-from-strangers

Some impersonated tools include popular

Black Basta ransomware has made headlines for allegedly compromising high-profile European and North American organizations across a variety of industries, such as outsourcing, technology, and manufacturing.  The history of Black Basta ransomware dates to at least April 2022, with a professional organizations company in the United States being one of its first victims. Since then, Black Basta has slowly expanded their operations, with the group allegedly compromising and stealing data from a US

A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to nefarious use by the now-defunct Conti ransomware gang members, indicating collaboration between the two crews.  The malware, named Domino, is primarily designed to facilitate follow-on exploitation of compromised systems, including delivering a lesser-known information stealer that has been advertised for sale on the dark web since December 2021.

Former TrickBot/Conti syndicate me

They say “Birds of a Feather, Flock Together.”  This holds true with criminal hackers.  Threat analysts have recently compiled a detailed technical report on FIN7 operations from late 2021 to early 2022, showing that the adversary continues to be very active, evolving, and trying new monetization methods.[1]

Link to full report: TR-22-095-002_Fin7.pdf

[1] https://www.bleepingcomputer.com/news/security/fin7-hackers-evolve-toolset-work-with-multiple-ransomware-gangs/

Activity Summary - Week Ending on 12 November 2021:

• Red Sky Alliance identified 27,845 connections from new IP’s checking in with our Sinkholes
• Analysts identified 3,224 new IP addresses participating in various Botnets
• Sality remains the top Malware Variant at 24,282 Observation
• Chaos Ransomware
• Fake Ecommerce and Black Friday
• Robinhood Hit (Again)
• CISA 22-01
• Ukraine & Gamaredon SSU Arrests
• Pakistan and Russia
• Cyber Attack US Federal Indictments
• FIN7 still Kicking Around

Link to full repo

Activity Summary - Week Ending 10 September 2021:

• Red Sky Alliance identified 47,398 connections from new unique IP addresses- Sinkholes
• Analysts identified 1,034 new IP addresses participating in various Botnets
• 4 unique email accounts compromised with Keyloggers were used to log into Personal Accounts
• Sality Malware Variant seen 42252 times this past week
• Hive Ransomware Alert
• STRRAT RAT
• FIN7 again
• Microsoft and $20 billion in Cyber Security
• South Korea and TrickBot Arrest
• To SOAR, or to SIEM

We have all been told not to take candy from strangers. The FBI is warning not to take USB's from them either. The FBI has recently warned a new campaign is targeting businesses from the infamous Fin7, or Carbanak Group. Also known as the Navigator Group, the cybercriminals have been tied to more than $1 billion in fraud. The group has a history of infecting point-of-sale devices with malware and using them to steal payment card information.

Researchers at Trustwave SpiderLabs disclosed an attac