Threat Actor Update: IRIDUIM Attributed to Prestige Ransomware Campaign A ransomware campaign targeting transportation and logistics organizations in Ukraine and Poland has been attributed to a group called IRIDIUM. The ransomware campaign used a previously unidentified ransomware payload called ‘Prestige’ which was observed deployed on October 11th, 2022. The objective of the campaign was to cause disruption not financial gain. IRIDUIM is a Russia-based actor that overlaps with Sandworm and has been consistently active in Ukraine with IRIDIUM being linked to activity in March 2022 (1). The Ukraine war continues to highlight the increased use of ransomware for non-financial means. Ransomware has been used for non-financial means before (2); however, many ransomware incidents have historically been financially driven. For example, the HermacticRansom malware used in Ukraine is suspected to be a smokescreen for destructive attacks (3). Hacktivist group FRwL has used ransomware during
Key Infrastructure and Critical Vulnerabilities: Attack Against Tata Power Highlights Cyber Risk to India’s Growing and Increasingly Connected Population On Friday, October 14, Indian electricity provider Tata reported it was suffering the effects of a cyberattack against its network. (1) In late October, Hive ransomware claimed the attack and began leaking data stolen from Tata Power on its website. (16) This was not the first time Indian power infrastructure was targeted in a cyberattack. So far has been no long-term infrastructure damage, but attacks against vulnerable power infrastructure which are widespread or occur at critical times have the potential to be disruptive to government, commerce, and daily living. Indian authorities blamed malware for a two-hour long power outage also in Mumbai in October 2020, and later indicated they believed the incident to be the result of deliberate action, according to press reports. The investigation uncovered suspicious logins to servers c
Synopsis The Analyst Prompt Issue #18 briefly explores the hype around zero-day vulnerabilities and the benefit of focusing on tactics and techniques featured in common threats and attack patterns rather than highlighting cutting-edge cyberattacks to improve metrics and cyber defense. As an example of the value of strong fundamentals, we look at the initial reports about the Uber breach versus an analysis of current trends in zero-day use in cyberattacks. Key Infrastructure and Critical Vulnerabilities: Zero-Day Software Vulnerabilities Remain High Profile, but are Not a Factor in the Majority of Successful Cyberattacks Zero-day exploits have come under increased scrutiny after malware vendors including FinFisher, the NSO Group, Hacking Team, and others demonstrated a growing market for custom, paid-for exploits. Our increasingly connected world ensures constantly growing impacts from zero days. At the end of August, VX Underground reported a new iOS remote code execution vulnerability
Introduction Widespread implementation of decentralized finance (DeFi) systems since 2020 has created new fertile ground for a variety of threat actors to shift the development of cyberattack tactics, techniques, and procedures (TTPs). The number of threat actors participating in DeFi activity has grown substantially over the past two years. Current threat actor activity is incentivized by a broad attack surface represented through high volumes of users and systems, and high potential profits represented through the variety of cryptocurrency offerings. Types of threat actors range from advanced persistent threat (APT) groups and small loosely organized groups of cybercriminals to individual threat actors of varying skills. EclecticIQ Analysts Expect the Number of Threat Actors Attacking Defi Systems Will increase Significantly Through at Least The Next Two Years Despite Any Dips in Cryptocurrency Value Attack volume carried out by individual attackers is expected to grow at the greates