Deep and Dark Web Round Up
Weekly Highlights
Middle East Conflict
There were no notable cyber activities going on this week with the latest Israel-Hamas conflict, but a few developments below will almost certainly influence continued physical and cyber activities and campaigns.
Malware/Ransomware
Cyber actors are cold-contacting employees of various US cell phone companies and offering them cash in exchange for their participation in SIM swapping operations. In a SIM swapping incident, actors fool a wireless carrier, such as Verizon or T-Mobile (both of which were targeted in this latest campaign), into rerouting service for a victim's number to a device controlled by the criminals. Once the "swap" is completed, the victim loses access to most personal accounts tied to that number, and the personal data attached to the cell phone account is stolen and used in other malicious operations.
Cisco warns of increase in brute-force attacks targeting VPN, SSH services
Citing TOR exit nodes as the origin, Cisco issued a warning about broad brute-force attacks targeting Cisco VPNs, web services, and MikroTik routers. The brute-force attempts are routed through tunnels and proxies for anonymization. Patching is one of the simplest ways to offer protection against this method.
Threat Actor Activity
Firebird RAT operator arrested in joint operation between US, Australia
Two people were arrested for the creation and use of the Firebird RAT, which was later renamed the Hive RAT. An unnamed Australian man and US citizen Edmond Chakmakhchyan, who operated online under the handle "Corruption", sold the RAT on hacking forums. They accepted Bitcoin as payment and provided user support to those who purchased the malware. The operation was halted when the actors sold a license for the RAT to an undercover FBI agent.
Malware such as Agent Tesla, Xworm, and various keyloggers is showing up in documents whose exploits are embedded in images. The targeted sectors include public services, electric/power entities, and construction entities in Latin America, but organizations in Romania, Russia, and Turkey have also been targeted in this campaign. Phishing emails carrying a malicious Excel attachment start the data theft process. The stolen data is subsequently sent to Telegram bots controlled by the user handle "joekoala."
Notable Leaks and Breaches
Suggested Further Reading
About DarkOwl
DarkOwl uses machine learning to automatically, continuously, and anonymously collect, index, and rank darknet, deep web, and high-risk surface net data, which allows for simplicity in searching.
Our platform collects and stores data in near real-time, allowing darknet sites that frequently change location and availability to be queried in a safe and secure manner without having to access the darknet itself.
DarkOwl is unique not only in the depth and breadth of its darknet data, but also in the relevance and searchability of its data, its investigation tools, and its passionate customer service. As importantly, DarkOwl data is ethically and safely collected from the darknet, allowing users secure and anonymous access to information and threats relevant to their mission. Our passion, our focus, and our expertise is the darknet.
For more information, visit www.darkowl.com