The InfoStealer and remote-access-tools (RATs) markets constantly provide us with new products. The Cyberint Research Team discovered a new RAT that is claiming to be the next popular threat against organizations and individuals worldwide. With fairly interesting PR and marketing methods, RevolutionRAT seems to be gaining attention with a growing Telegram community after only a few days of operation.

The ransomware industry has been a prominent player this quarter, causing significant impact and affecting numerous organizations globally. With its widespread threat, the industry has successfully claimed 1386 victims. The industry is feeling increasingly impacted by ransomware as many critical vulnerabilities were discovered this quarter. Additionally, the emergence of new groups, both from the end of 2022 and during this quarter, has contributed to the industry’s growth.

Following our research regarding the abuse of Malvertising using Malicious Ads, Cyberint has uncovered a new strain of mobile banking malware. This malware is being distributed on third-party APK sites and is disguised as advertisements for popular messaging applications like KIK and Viber. Our Cyberint team has conducted an analysis of the malware’s source code. Based on our findings, it appears that the campaign is primarily targeting Asia.

For the past five years the notorious RaidForums had been one, if not the main pillar of the cybercriminals industry, serving many purposes, but the main activity of this forum was exclusively leaked databases. Towards the end of February, RaidForums was seized by the authorities and officially closed on April 12 by the FBI and its main owner was arrested.

Google’s recent introduction of ZIP top-level domain (TLD) addresses, although well intentioned has ignited a heated debate surrounding the potential cybersecurity risks associated with these domains. On the one hand, the move could make it easier for users to share and download files. For example, a website with the domain name “myfiles.zip” would be easier to remember than a long, complex string of numbers and letters.

As the cybercrime industry continues to provide us with new Malware as a Service (MaaS) products, we have become used to seeing the operators advertising and developing the panels underground. Over the past year, an allegedly legitimate software company named Venom Control Software emerged, offering a Remote-Access-Tool (RAT) for “hackers and pen-testers”.

In the past two weeks, three new vulnerabilities in the the MOVEit file transfer software have been discovered, including one over the weekend. The MOVEit file transfer software is used by around 1700 organizations worldwide. As in most cases when supply chain modules are being compromised, the impact is lethal as big companies such as the BBC and Zellis have been targeted.

As threat intelligence evolves, mature organizations view it as a complex, multi-layer process. The standard Threat Intelligence cycle famously includes five stages: Planning, Collection, Analysis, Production (AKA reporting), and Dissemination. But this cycle can be viewed and conducted with different approaches in mind. As we understand the difference between strategic, tactical, technical, and operational Threat Intelligence, we’ll see what that means.

Once upon a time, organizations saw cybersecurity as a technical challenge that affected just technical stakeholders. Those days are over. Security has become a business problem. Aware of the danger that cyberattacks pose to business revenue and reputation, executives and boards are focusing more extensively on ensuring that their IT organizations are handling security risks, which means CISOs face more pressure than ever.

Cyberint discovered in the ‘wild’ what could possibly be associated with the ‘Cardpool’ gift card breach, a file named ‘cardpool leak’. It was collected by our platform, Argos. ‘Cardpool’ was an online business where customers exchanged or sold their unwanted or partially used gift cards. It was shut down in early 2021, but it’s been discovered that in late April 2021, a Russian Threat Actor allegedly sold $38 million worth of gift cards there.