LockBit Developer Charged, Juniper Networks Warns of Malware, and New Phishing-as-a-Service Offer Takes Off

Want to get our weekly newsletter earlier? Subscribe to receive Beacon in your inbox every Thursday at 10AM.

This Week's Roundup of the Biggest Cybersecurity Stories

Alleged LockBit Developer Charged

Rostislav Panev, 51, a dual citizen of Russia and Israel, has been charged in the US with developing and maintaining the source code of the LockBit ransomware. Panev also allegedly operated StealBit, a tool used to exfiltrate sensitive data from victims before encryption was initiated. The indictment claims he earned about US$230,000 between June 2022 and February 2024. Panev is also accused of exchanging direct messages with Dmitry Yuryevich Khoroshev, the primary administrator of the LockBit RaaS operation and the user of the LockBitSupp handle. The Department of Justice statement came in the same week that LockBit teased LockBit 4.0 on its dark web leak site.

Juniper Networks Warns Customers of Mirai Malware Attacks

The network products company warned that all versions of the Juniper Networks Session Smart Router (SSR) are being targeted by Mirai malware operators after it was discovered that many devices still used factory-set passwords. A variant of the malware was seen compromising the devices and then using them to flood websites with junk traffic in distributed denial-of-service (DDoS) attacks. The manufacturer said that the only reliable way to remove the threat from an infected device is to reimage the system, and the root cause points to the obvious mitigation: replace factory-set credentials with strong, unique passwords before the device is exposed. Indicators that a system may have been infected include unusual port scanning, frequent SSH login attempts, and increased outbound traffic.
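As an added example (not code from the newsletter, from Juniper, or from the malware analysis it reports), the script below runs the "frequent SSH login attempts" indicator over a handful of constructed sshd-style log lines: it flags any source IP that exceeds a threshold of failed logins inside a sliding time window, records which usernames it tried, and notes whether a successful login from that source followed the burst, which is the pattern a default-credential sweep leaves behind. The OpenSSH syslog line format, the IPs, the timestamps, and the threshold and window values are all assumptions for illustration.

```python
"""Flag SSH brute-force / credential-sweep activity in sshd-style syslog lines.

Added example, not part of the original article. Assumptions: log lines use the
OpenSSH syslog format ("Failed password for <user> from <ip> port <n> ssh2");
the sample lines, hosts, and IPs are constructed; threshold and window are
arbitrary tuning values.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one source sweeps several accounts in a few seconds
# and then gets in; a second source has two isolated failures far apart.
SAMPLE_LOG = """\
Dec 20 10:00:01 ssr1 sshd[1201]: Failed password for admin from 198.51.100.7 port 40001 ssh2
Dec 20 10:00:02 ssr1 sshd[1202]: Failed password for admin from 198.51.100.7 port 40002 ssh2
Dec 20 10:00:03 ssr1 sshd[1203]: Failed password for root from 198.51.100.7 port 40003 ssh2
Dec 20 10:00:04 ssr1 sshd[1204]: Failed password for invalid user ubnt from 198.51.100.7 port 40004 ssh2
Dec 20 10:00:05 ssr1 sshd[1205]: Accepted password for admin from 198.51.100.7 port 40005 ssh2
Dec 20 10:05:00 ssr1 sshd[1300]: Accepted publickey for ops from 192.0.2.10 port 50001 ssh2
Dec 20 11:30:00 ssr1 sshd[1400]: Failed password for ops from 192.0.2.10 port 50002 ssh2
Dec 20 11:45:00 ssr1 sshd[1401]: Failed password for ops from 192.0.2.10 port 50003 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse(line, year=2024):
    """Return (timestamp, result, user, ip) or None for lines that are not sshd auth events."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; the caller supplies it (assumption: 2024).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def find_bruteforce(log_text, threshold=4, window=timedelta(seconds=60)):
    """Return {ip: {"attempts": n, "users": set, "success_after_failures": bool}}
    for every source that accumulates `threshold` failures within any `window`.

    A deque per source holds only the failures still inside the window, so the
    check is O(1) amortised per line regardless of log size.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    users = defaultdict(set)      # ip -> usernames tried
    hits = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        if result == "Failed":
            q = recent[ip]
            q.append(ts)
            users[ip].add(user)
            while q and ts - q[0] > window:   # drop failures that aged out
                q.popleft()
            if len(q) >= threshold:
                hit = hits.setdefault(
                    ip, {"attempts": 0, "users": set(), "success_after_failures": False}
                )
                hit["attempts"] = max(hit["attempts"], len(q))
                hit["users"] = set(users[ip])
        elif result == "Accepted" and ip in hits:
            # A successful login from a source already flagged for a burst is the
            # strongest signal that a default/weak password was guessed.
            hits[ip]["success_after_failures"] = True
    return hits


if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        verdict = "LOGIN SUCCEEDED after burst" if info["success_after_failures"] else "failures only"
        print(f"{ip}: {info['attempts']} failures in window, users={sorted(info['users'])}, {verdict}")
```

The same sliding-window shape works for the other two indicators the advisory lists: count distinct destination ports per source for port scanning, or bytes per destination per window for the outbound-traffic spike, with the deque holding flow records instead of auth failures.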

Disruption of Rockstar2FA Phishing-as-a-Service Sees Competitor Moves

The Rockstar2FA Phishing-as-a-Service (PaaS) toolkit has suffered a technical disruption since November 11, 2024, causing an uptick in the use of another offering called FlowerStorm. Rockstar2FA allowed customers to purchase and control their campaigns through the instant messaging platform Telegram. About 2,000 domains were attributed to Rockstar2FA, mostly under the .ru, .com and .su top-level domains among others. FlowerStorm has been active since at least June 2024 and, according to Sophos, shares similarities with Rockstar2FA, raising the possibility of a common ancestry. However, there is no definitive evidence linking the two services at this stage.

The Latest from Searchlight

Dark Web Trends in 2025

Our latest blog calls out possible trends we could observe next year, including increases in AI-facilitated cyberattacks, in law enforcement takedowns, and in the potential penalties for ransomware payments. Read on.

Infostealers on the Dark Web

Our latest podcast examines where we see infostealer activity on the dark web and how monitoring it can help organizations keep abreast of infostealer trends. Listen on our website, Spotify, Apple Podcasts, and YouTube.
