The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, Cyberespionage, Hacktivism, Ransomware, and Russia. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Ransom Cartel Ransomware: A Possible Connection With REvil
(published: October 14, 2022)
Palo Alto Networks researchers analyzed Ransom Cartel, a double extortion ransomware-as-a-service group. Ransom Cartel came to existence in mid-December 2021 after the REvil group shut down. The Ransom Cartel group uses the Ransom Cartel ransomware, which shares significant code similarities with REvil, indicating close connections, but lacks REvil obfuscation engine capabilities. Ransom Cartel has almost no obfuscation outside of the configuration: unlike REvil it does not use string encryption and API hashing. Among multiple tools utilized by Ransom Cartel, the DonPAPI credential dumper is unique for this group. It performs Windows Data Protection API (DPAPI) dumping by targeting DPAPI-protected credentials such as credentials saved in web browsers, RDP passwords, and Wi-Fi keys.Analyst Comment: Network defenders should consider monitoring or blocking high-risk connections such as TOR traffic that is often abused by Ransom Cartel and its affiliates. It is crucial that your company ensure that servers are always running the most current software version. Your company should have policies in place in regards to the proper configurations needed for your servers in order to conduct your business needs safely.MITRE ATT&CK:
Support the originator by clicking the read the rest link below.
