Deep and Dark Web Round Up

Weekly Highlights

  • For continuing DarkOwl/overall analysis of the conflict between Israel and Hamas, and what cyber efforts accompany this ongoing situation, please see the first section titled “Middle East Conflict”
  • Smishing spreads from Europe, Middle East to Pakistan using dark web credential databases
  • Astaroth malware spreads globally
  • ONNX phishing as a service platform debuts, uses Telegram bots
  • Empire Market operators indicted

Middle East Conflict

No notable cyber activity tied to the latest Israel-Hamas conflict was observed this week, but the developments below will almost certainly influence continued physical and cyber activities and campaigns.

  • Malicious maritime activity continues in the Red Sea, and drone attacks continue throughout the Middle East region as various conflicts rage on.

Malware/Ransomware

Smishing spreads from Europe and Middle East to Pakistan

While previous targeting areas included the EU and various countries throughout the Middle East, the threat actor group “Smishing Triad” has expanded operations to Pakistan. The group, likely operating on behalf of the Chinese government, procures stolen databases from the dark web and uses them to send fraudulent SMS messages. The URLs contained in those SMS messages lead to fake websites that prompt for credentials. The messages are themed as delivery notifications from FedEx and other courier services, including the local Pakistani service Pakistan Post.

Astaroth malware spreads globally

Both Cisco and Google’s Threat Analysis Group revealed that a group they named “PINEAPPLE” (a.k.a. UNC5176) is targeting Brazilian organizations using financial-themed spam. PINEAPPLE abuses various cloud systems to spread Astaroth malware through Europe and now, Latin/South America. The campaign involves emails and malvertising to distribute the malware, which then checks for sandbox and antivirus detection. Continuing this trend, Google also highlighted group “FLUXROOT”, which works with the Grandoreiro banking trojan, and steals user credentials, abusing Azure and Dropbox services.

Threat Actor Activity

New ONNX Phishing as a Service campaign debuts, uses Telegram

A new Phishing-as-a-service (PhaaS) platform, ONNX Store, is using Microsoft 365 accounts to target employees of the financial sector using malicious QR codes in PDF attachments. The operation uses Telegram bots and can bypass multi-factor authentication (MFA). The main threat is the bots posing as an HR employee, offering “raises” or salary discussion to employees of credit unions, banks, and other financial firms.

Operators of Empire Market arrested

Continuing the global trend of cracking down on online criminal marketplaces and actors, the actors “Dopenugget”, real name Thomas Pavey, and “Sydney/Zero Angel”, real name Raheim Hamilton, were charged by the US Department of Justice. While it is suspected they began their activity on AlphaBay, the men eventually went on to facilitate transactions for stolen credit card numbers, narcotics purchases, and other criminal underground material on Empire Market, with a total value of approximately $430 million.

Notable Leaks and Breaches

Suggested Further Reading

About DarkOwl

DarkOwl uses machine learning to automatically, continuously, and anonymously collect, index, and rank darknet, deep web, and high-risk surface net data, allowing for simplicity in searching.

Our platform collects and stores data in near real-time, allowing darknet sites that frequently change location and availability to be queried in a safe and secure manner without having to access the darknet itself.

DarkOwl is unique not only in the depth and breadth of its darknet data, but also in the relevance and searchability of its data, its investigation tools, and its passionate customer service. As importantly, DarkOwl data is ethically and safely collected from the darknet, allowing users secure and anonymous access to information and threats relevant to their mission. Our passion, our focus, and our expertise are the darknet.

For more information, visit www.darkowl.com
