phobos (3)

Activity Summary - Week Ending on 10 December 2021:

  • Red Sky Alliance identified 44,043 connections from new IPs checking in with our Sinkholes
  • Still has Issues
  • Analysts identified 3,806 new IP addresses participating in various Botnets
  • Phobos Ransomware
  • Yanluowang Ransomware
  • The Snatch Hacking Group
  • USB drives – Old Tactic
  • Hacker arrested in Ottawa
  • Becoming a Pro
  • Trains, Planes and Automobiles
  • MatchMG

Link to full report: IR-21-344-001_weekly344.pdf

A new initial access broker named Zebra2104 has been providing entry points to ransomware groups such as MountLocker and Phobos, as well as espionage-related advanced persistent threat group StrongPity, with access prices starting at just $25, according to a new report. Zebra2104 enters a victim’s network and sells that access to the highest bidder on underground forums in the dark web. This process saves threat actor customers the time, effort, and expense of gaining a toehold in an organiza

A new information stealer is going after cryptocurrency wallets and credentials for applications including NordVPN, Telegram, Discord, and Steam. Panda Stealer malware uses spam emails and the same hard-to-detect fileless distribution method deployed by a recent Phobos ransomware campaign discovered by investigators.

The attack campaign appears to be primarily targeting users in Australia, Germany, Japan, and the United States.  Panda Stealer was discovered by Trend Micro at the beginning of A