Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption

Credit to Author: Christopher Boyton| Date: Wed, 03 Apr 2024 00:00:00 +0000

Our new article provides key highlights and takeaways from Operation Cronos’ disruption of LockBit’s operations, as well as telemetry details on how LockBit actors operated post-disruption.

Read more

TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types

Credit to Author: Junestherry Dela Cruz| Date: Tue, 19 Mar 2024 00:00:00 +0000

CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.

Read more

Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO

Credit to Author: Nathaniel Morales| Date: Mon, 04 Mar 2024 00:00:00 +0000

The Trend Micro threat hunting team came across an RA World attack involving multistage components designed to ensure maximum impact.

Read more

Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities

Credit to Author: Ian Kenefick| Date: Tue, 27 Feb 2024 00:00:00 +0000

This blog entry gives a detailed analysis of these recent ScreenConnect vulnerabilities. We also discuss our discovery of threat actor groups, including Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709 based on our telemetry.

Read more

LockBit Attempts to Stay Afloat With a New Version

Credit to Author: Trend Micro Research| Date: Thu, 22 Feb 2024 00:00:00 +0000

This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.

Read more

Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver 

Credit to Author: Emmanuel Panopio| Date: Tue, 23 Jan 2024 00:00:00 +0000

In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.  

Read more