Security researchers from Hunt.io have identified an unauthenticated open directory while examining indicators of compromise published in an earlier CyberXTron report on the TheGentlemen ransomware group. The directory, hosted at IP address 176.120.22.127 on port 80, resides on infrastructure belonging to Proton66 OOO (AS198953), a Russian provider previously linked to other malicious campaigns. The server had been active for at least 24 days prior to discovery. The directory contained 126 fil
mimikatz (4)
The cyber threat landscape is constantly evolving, but few threats demand immediate, sector-wide attention like the latest joint advisory on the Akira ransomware. The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and international partners recently issued a crucial advisory (AA24-109A) detailing the tactics, techniques, and procedures (TTPs) of the Akira ransomware group. Their accompanying press release highlighted the need for decisi
Tinexta Cyber and SentinelLabs have tracked threat activities targeting business-to-business IT service providers in Southern Europe. Based on the malware, infrastructure, techniques used, victimology, and the timing of the activities, researchers have assessed that it is highly likely a China-nexus threat actor conducted these attacks with cyberespionage motivations.
The relationships between European countries and China are complex and characterized by cooperation, competition, and underlying
In a recent study by CrowdStrike regarding cyber threat activity show more intrusion attempts in the first six months of this year than in all of 2019. The pandemic-related shift to remote work and the growing availability of Ransomware-as-a-Service (RaaS) were two major drivers. Red Sky Alliance has reported on many of these ransomware groups and actors in detail in 2020. These reports can be found at no charge at https://redskyalliance.org.
The security vendor's threat-hunting team blocked
