Deep and Dark Web Round Up
Weekly Highlights
Middle East Conflict
There were no notable cyber activities going on this week with the latest Israel-Hamas conflict, but a few developments below will almost certainly influence continued physical and cyber activities and campaigns.
Malware/Ransomware
Smishing spreads from Europe and Middle East to Pakistan
While previous targeting areas included the EU and various countries throughout the Middle East, threat actor group “Smishing Triad” has expanded operations to Pakistan. The group, likely operating on behalf of the Chinese government, procures and uses stolen databases from the darkweb to send fraudulent SMS messages. The URLs contained in said SMS messages lead to false websites that prompt for credentials. The messages are themed to be delivery notifications for FedEx and other courier services, including local Pakistani service Pakistan Post.
Both Cisco and Google’s Threat Analysis Group revealed that a group they named “PINEAPPLE” (a.k.a. UNC5176) is targeting Brazilian organizations using financial-themed spam. PINEAPPLE abuses various cloud systems to spread Astaroth malware through Europe and now, Latin/South America. The campaign involves emails and malvertising to distribute the malware, which then checks for sandbox and antivirus detection. Continuing this trend, Google also highlighted group “FLUXROOT”, which works with the Grandoreiro banking trojan, and steals user credentials, abusing Azure and Dropbox services.
Threat Actor Activity
领英推荐
A new Phishing-as-a-service (PhaaS) platform, ONNX Store, is using Microsoft 365 accounts to target employees of the financial sector using malicious QR codes in PDF attachments. The operation uses Telegram bots and can bypass multi-factor authentication (MFA). The main threat is the bots posing as an HR employee, offering “raises” or salary discussion to employees of credit unions, banks, and other financial firms.
Operators of Empire Market arrested
Continuing the global trend of cracking down on online criminal marketplaces and actors, actors “Dopenugget”, real name Thomas Pavey, and “Sydney/Zero Angel”, real name Raheim Hamilton, were charged by the US Department of Justice. While it is suspected they began their activity on AlphaBay, the men eventually went on to facilitate transactions for stolen credit card numbers, narcotics purchases, and other criminal underground material on Empire Market with a value of approximately $430 million dollars.
Notable Leaks and Breaches
Suggested Further Reading
About DarkOwl
DarkOwl uses machine learning to collect automatically, continuously, and anonymously, index and rank darknet, deep web, and high-risk surface net data that allows for simplicity in searching.? ?
Our platform collects and stores data in near real-time, allowing darknet sites that frequently change location and availability, be queried in a safe and? secure manner without having to access the darknet itself.?
DarkOwl is unique not only in the depth and breadth of its darknet data, but also in the relevance and searchability of its data, its investigation tools, and its passionate customer service. As importantly, DarkOwl data is ethically and safely collected from the darknet, allowing users secure and anonymous access to information and threats relevant to their mission. Our passion, our focus, and our expertise is the darknet.?
For more information, visit www.darkowl.com