Deep and Dark Web Round Up

Weekly Highlights

  • 3,000-account network spreading malware on GitHub
  • Chinese APT targets Japanese firms with LODEINFO and NOOPDOOR malware
  • Russia-based ransomware groups account for 69% of all ransom payments
  • U.S. Department of Justice indicts North Korean hacker
  • Meta removes thousands of accounts linked to sextortion

Malware/Ransomware

3,000-account network spreading malware on GitHub

The threat actor “Stargazer Goblin” has created a network of over 3,000 inauthentic GitHub accounts meant to spread malware and phishing links. Over the past year, the network of accounts disseminating information-stealing malware has earned the threat actor $100,000 in profits. The collection of accounts has been named the “Stargazers Ghost Network,” and it is believed to have first emerged on a smaller scale in August 2022.

Chinese APT targets Japanese firms with LODEINFO and NOOPDOOR malware

Japanese organizations are being targeted by a Chinese state-backed Advanced Persistent Threat (APT) group believed to be APT10, also known as Red Apollo, Bronze Riverside, ChessMaster, Cicada, Cloudhopper, MenuPass, MirrorFace, Purple Typhoon, and Stone Panda. The threat actor’s campaign—dubbed “Cuckoo Spear” by Cybereason—utilizes LODEINFO and NOOPDOOR malware to gain access to sensitive information. In some cases, the threat actor was found to be present in its targets’ networks for two to three years while remaining undetected.

Russia-based ransomware groups account for 69% of all ransom payments

According to new data from TRM Labs, Russian-speaking ransomware groups accounted for 69% of all cryptocurrency ransom payments in 2023. The total exceeded $500 million. LockBit, BlackCat, Black Basta, Cl0p, Play, and Akira were among the most dominant operations in 2023. While North Korea currently leads in cryptocurrency stolen through exploits and breaches, the most recent numbers show that Russia continues to dominate all other malicious activity involving cryptocurrency.

Threat Actor Activity

U.S. Department of Justice indicts North Korean hacker

On July 25, the U.S. Department of Justice (DoJ) indicted Rim Jong Hyok, a North Korean national, for his involvement in ransomware attacks against healthcare facilities in the United States. According to the DoJ press release, Hyok used proceeds from the extortion of U.S. hospitals to “fund additional computer intrusions into defense, technology, and government entities worldwide.” On the same day as the DoJ indictment, the U.S. Department of State’s Rewards for Justice program announced a reward of up to $10 million for information to help locate Rim Jong Hyok.

Meta removes thousands of accounts linked to sextortion

On July 24, Meta announced that it had taken down 63,000 Instagram accounts registered in Nigeria that were connected to sextortion scams. The take-down included a network of 2,500 accounts linked to 20 individuals who were primarily targeting adult men in the United States. According to Meta, the accounts were linked to the cybercrime group “Yahoo Boys.” In addition to the Instagram accounts, Meta also removed more than 7,000 Nigeria-based Facebook accounts, groups, and pages that were sharing tips on how to conduct scams.

Notable Leaks and Breaches

Suggested Further Reading

About DarkOwl

DarkOwl uses machine learning to automatically, continuously, and anonymously collect, index, and rank darknet, deep web, and high-risk surface net data, allowing for simplicity in searching.

Our platform collects and stores data in near real-time, allowing darknet sites that frequently change location and availability to be queried in a safe and secure manner without having to access the darknet itself.

DarkOwl is unique not only in the depth and breadth of its darknet data, but also in the relevance and searchability of its data, its investigation tools, and its passionate customer service. As importantly, DarkOwl data is ethically and safely collected from the darknet, allowing users secure and anonymous access to information and threats relevant to their mission. Our passion, our focus, and our expertise are the darknet.

For more information, visit www.darkowl.com.
