After being deported from South Korea, a Russian cybercriminal leader has made his first appearance in the US District Court for the District of Maryland to face his charges. Evgenii Ptitsyn, 42, is a Russian national who allegedly administered the sale, distribution, and operation of Phobos ransomware, which has been used against more than 1,000 victims, including public and private entities in the United States and globally. According to the indictment, its affiliates have extorted ransom paym
phobos (4)
Activity Summary - Week Ending on 10 December 2021:
- Red Sky Alliance identified 44,043 connections from new IPs checking in with our Sinkholes
- dauction.ru Still has Issues
- Analysts identified 3,806 new IP addresses participating in various Botnets
- Phobos Ransomware
- Yanluowang Ransomware
- The Snatch Hacking Group
- USB drives – Old Tactic
- Hacker arrested in Ottawa
- Becoming a Pro
- Trains, Planes and Automobiles
- MatchMG
Link to full report: IR-21-344-001_weekly344.pdf
A new initial access broker named Zebra2104 has been providing entry points to ransomware groups such as MountLocker and Phobos, as well as espionage-related advanced persistent threat group StrongPity, with access prices starting at just $25, according to a new report. Zebra2104 enters a victim’s network and sells that access to the highest bidder on underground forums on the dark web. This process saves threat actor customers the time, effort, and expense of gaining a toehold in an organiza
A new information stealer is going after cryptocurrency wallets and credentials for applications including NordVPN, Telegram, Discord, and Steam. Panda Stealer malware uses spam emails and the same hard-to-detect fileless distribution method deployed by a recent Phobos ransomware campaign discovered by investigators.
The attack campaign appears to be primarily targeting users in Australia, Germany, Japan, and the United States. Panda Stealer was discovered by Trend Micro at the beginning of A