SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years.

Cybercrime 138

Cybercrime Banking Malware Ransomware 138

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc. Dmitry Yuryevich Khoroshev.

Ransomware 213

Ransomware Cybercrime Accountability Malware 213

Digital Shadows

JULY 5, 2021

On 02 July 2021, details started to emerge of a sophisticated supply-chain attack targeting Kaseya VSA, virtual system administrator software used to manage and monitor customers’ infrastructure. REvil is ransomware that was first observed in April 2019.

Ransomware 52

Ransomware Encryption Cryptocurrency System Administration 52

Krebs on Security

AUGUST 5, 2021

Reinvention is a basic survival skill in the cybercrime business. REvil’s last big victim was Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. ” That CrowdStrike report was from July 2019.

Ransomware 313

Ransomware Cybercrime Malware System Administration 313

Security Affairs

MARCH 27, 2023

The Originating Malvertising Campaign According to CTI investigation on the adversary infrastructure, we were able to identify an ongoing campaign luring system administrators to install the malicious code into their machines. The module also exfiltrates 2FA secrets from Twilio’s Authy local storage.

Malware 86

Malware Social Engineering Encryption Marketing 86