Deep and Dark Web Round Up
Weekly Highlights
Malware/Ransomware
Military personnel in the Middle East have been targeted by GuardZoo, an Android surveillanceware tool built for data collection. Over 450 victims across Egypt, Oman, Qatar, Saudi Arabia, Turkey, the U.A.E., and Yemen have been impacted by the operation, with the majority of victims located in Yemen. GuardZoo is a modified version of the Dendroid RAT, an Android remote access trojan first discovered in 2014.
“EstateRansomware,” a new ransomware group first identified by Group-IB in April 2024, has been observed exploiting CVE-2023-27532, a security flaw in Veeam Backup & Replication software that Veeam patched in March 2023, to create a rogue user account and harvest credentials. Organizations still running unpatched Veeam Backup & Replication instances should prioritize the update and review their backup servers for unexpected local accounts.
Threat Actor Activity
On July 9th, the U.S. Department of Justice announced the disruption of a Russian, AI-powered information operation devised to spread Russian propaganda in the United States and abroad. The DOJ operation involved the seizure of two domains used to send emails for the bot accounts, as well as the search of nearly 1,000 social media bot accounts, which were subsequently suspended on X (formerly Twitter). According to the DOJ press release, the bot farm was developed by the deputy editor-in-chief of RT (formerly Russia Today), the state-controlled news organization. Court documents also reveal the use of artificial intelligence to enhance the Russian bot farm, reflecting the increasingly normalized use of AI in disinformation operations.
International agencies have warned of the threat posed to government networks by APT40, the Chinese state-sponsored advanced persistent threat (APT) hacking group also known as Kryptonite Panda, GINGHAM TYPHOON, Leviathan, and Bronze Mohawk. The joint advisory, released by Australia, the U.S., the U.K., Canada, Germany, Japan, New Zealand, and South Korea, highlights APT40’s repeated targeting of government and private sector networks in Australia and the U.S.
“CloudSorcerer,” a new APT cyberespionage group, has targeted Russian government entities through public cloud services. The group was first discovered in May 2024 and relies on custom malware that uses legitimate cloud services (specifically Microsoft Graph, Yandex Cloud, and Dropbox) for command-and-control and data exfiltration, which lets its traffic blend in with ordinary cloud activity. Its cyberattacks have been described as highly sophisticated.
Notable Leaks and Breaches
Suggested Further Reading
About DarkOwl
DarkOwl uses machine learning to automatically, continuously, and anonymously collect, index, and rank darknet, deep web, and high-risk surface net data, allowing for simplicity in searching.
Our platform collects and stores data in near real-time, allowing darknet sites that frequently change location and availability to be queried in a safe and secure manner without having to access the darknet itself.
DarkOwl is unique not only in the depth and breadth of its darknet data, but also in the relevance and searchability of its data, its investigation tools, and its passionate customer service. As importantly, DarkOwl data is ethically and safely collected from the darknet, allowing users secure and anonymous access to information and threats relevant to their mission. Our passion, our focus, and our expertise is the darknet.
For more information, visit www.darkowl.com.