X-Industry

phobos (3)

Weekly Cyber Intel Report - All Sector

9899649489?profile=RESIZE_400xActivity Summary - Week Ending on 10 December 2021:

  • Red Sky Alliance identified 44,043 connections from new IP’s checking in with our Sinkholes
  • dauction.ru Still has Issues
  • Analysts identified 3,806 new IP addresses participating in various Botnets
  • Phobos Ransomware
  • Yanluowang Ransomware
  • The Snatch Hacking Group
  • USB drives – Old Tactic
  • Hacker arrested in Ottawa
  • Becoming a Pro
  • Trains, Planes and Automobiles
  • MatchMG

Link to full report: IR-21-344-001_weekly344.pdf

Broker Offers Network Access for Only $25

9822927285?profile=RESIZE_400xA new initial access broker named Zebra2104, has been providing entry points to ransomware groups such as MountLocker and Phobos, as well as espionage-related advanced persistent threat group StrongPity, with access prices starting at just $25, according to a new report.  Zebra2104 enters a victim’s network and sells that access to the highest bidder on underground forums in the dark web.  This process saves threat actor customers the time, effort, and expense of gaining a toehold in an organiza

Do you know where your Bitcoins are Today?

8989703898?profile=RESIZE_400xA new information stealer is going after cryptocurrency wallets and credentials for applications including NordVPN, Telegram, Discord, and Steam.   Panda Stealer malware uses spam emails and the same hard-to-detect fileless distribution method deployed by a recent Phobos ransomware campaign discovered by investigators.

The attack campaign appears to be primarily targeting users in Australia, Germany, Japan, and the United States.  Panda Stealer was discovered by Trend Micro at the beginning of A