February 18, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers:
00:00 - Intro and Situational Awareness
CL0P Update
CL0P updated their data leak site with a new victim list of approximately 43 organizations. The organizations are likely from the previous redacted list containing company names from C-E and are possibly associated with the Cleo zero-day vulnerability.
U.S. Sanctions LOCKBIT’s Bulletproof Hosting (BPH) Provider
The U.S., along with Australia and the UK, has sanctioned the bulletproof hosting provider Zservers. Zservers is a Russia-based provider that supplied the attack infrastructure LOCKBIT used for its operations.
Ransomware Payments Dropped in 2024
According to Chainalysis, ransomware payments fell by 35% in 2024 compared with 2023.
2:23 – [PATCHING] Microsoft Patch Tuesday Addresses 66 Issues, 2 Zero-Days
Microsoft has fixed 66 vulnerabilities in February’s patch cycle and Microsoft Edge releases.
3:56 – [CAMPAIGN] KTA029 (AKA Sandworm) Distributing Malware via KMS
Key Takeaways
• KTA029 infecting pirated Microsoft software with malware
• Campaign deploys BACKORDER and DCRAT
• BACKORDER adds folders to Microsoft Defender’s exclusion lists
• KTA029 used scheduled tasks for persistence
• A new backdoor that creates a Tor service has also been deployed
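The two host-side indicators in the takeaways above, new Defender exclusions and scheduled-task persistence, are both visible from a normal administrative session. The script below is an added example, not part of the Kroll briefing or any Kroll tooling; it assumes a Windows 10/11 or Windows Server host running Microsoft Defender Antivirus, an elevated PowerShell session, and a seven-day look-back window chosen here for illustration.

```powershell
# Added example (not from the briefing): audit the two techniques noted above from the defender's side,
# Defender exclusion additions and scheduled-task persistence.
# Assumes Microsoft Defender Antivirus is the active AV and the shell is elevated.

$since = (Get-Date).AddDays(-7)   # look-back window, an assumption for this example

# 1. Current Defender exclusions. Any path, extension or process you did not add yourself deserves review.
$pref = Get-MpPreference
[PSCustomObject]@{
    Paths      = $pref.ExclusionPath
    Extensions = $pref.ExclusionExtension
    Processes  = $pref.ExclusionProcess
} | Format-List

# 2. Defender configuration changes in the window. Event ID 5007 records a changed setting,
#    and its message names the registry value that changed, so exclusion additions show up here.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5007
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions' } |
    Select-Object TimeCreated, Message

# 3. Scheduled tasks outside the built-in Microsoft folders, with the command each one runs
#    and when it last ran. Unfamiliar authors or commands under user-writable paths are the ones to check.
Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        $info = $_ | Get-ScheduledTaskInfo
        [PSCustomObject]@{
            Task    = "$($_.TaskPath)$($_.TaskName)"
            Author  = $_.Author
            Execute = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
            State   = $_.State
            LastRun = $info.LastRunTime
        }
    } | Sort-Object LastRun -Descending | Format-Table -AutoSize

# 4. Task registrations in the window (Task Scheduler operational log, Event ID 106 "Task registered").
#    This log is disabled by default; enable it in Event Viewer if nothing is returned.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-TaskScheduler/Operational'
    Id        = 106
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

Run it on a known-clean baseline first and keep that output; the useful signal is the difference between the baseline and a later run, not the raw list, since legitimate software also registers tasks and occasionally adds exclusions.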
Ransomware Roundup
6:02 – PHOBOS Ransomware Arrests and 8BASE Site Seized
A coordinated global law enforcement operation dubbed "Phobos Aetor" led to the arrest of four members of the Phobos ransomware group in Thailand. These individuals are believed to have extorted around $16 million in Bitcoin from over 1,000 victims worldwide.
Dive deeper:
Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings
#krollcyber #threatintelligence #cyberthreats