
Indonesia Under Sophisticated Cyberattacks: A Deep-dive Analysis of Threat Actors Targeting the Indonesian Ecosystem

On May 12, 2021, the personally identifiable information (PII) of more than 200M Indonesians was found to have been stolen and sold on RaidForums, adding to a succession of cybercrime events. The lack of data protection standards and of enforcement of security regulations makes the situation worrisome. In the recent incident, a threat actor (TA) with the alias ‘Kotz’ claimed, in a post on the cybercrime forum, to be in possession of the personal data of 279 million Indonesian citizens, both alive and dead. The actor claimed …


Threat Actor Seeking Private 0-Day – 1 Million Deposited in a Popular Cybercrime Marketplace

A threat actor (TA) by the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums. The TA claims that the deposit has been made for the purchase of Zero Day Exploits from any forum member. Refer to Figure 1 to check the TA’s post in the forum. The TA joined the forum in September 2012 and seems to have gained a high reputation over the course of time. The TA has also held accounts on another cybercrime forum since Oct 2012. …

Deep Dive into Builder of Notorious Babuk Ransomware

In January 2021, a new ransomware called “Babuk” came to light after impacting at least five big enterprises. The ransomware has targeted many well-known organizations across several industry sectors such as Manufacturing, Transportation, Construction and Materials, and Law Firms, among others. Our research indicates that the Babuk ransomware group was highly active in May 2021 and performed at least 42 attacks, as shown in the figure below.

Figure 1 – Countries affected by the ransomware

The top 5 countries affected by the Babuk ransomware are the U.S., Canada, Spain, France, and Germany. The image below showcases the distribution of the top 10 industries targeted by Babuk.

Figure 2 – Industry-wise split of …

Dissection of REvil Ransomware: Kaseya VSA Supply Chain Attack

Watch the video where we analyze the Kaseya VSA supply chain attack and dissect the REvil ransomware through Sandbox Execution. Update on July 5, 2021: The REvil ransomware group posted a message on their leak site on the dark web, claiming that they compromised Kaseya, an MSP provider, on July 02, 2021. The ransomware group also claims that a million systems have been impacted by the ransomware at present. The group is demanding 70 million USD in BTC for publicly publishing the decryptor for …