Q3 of 2022 has provided us with many interesting insights into the ransomware industry. While the number of incidents this quarter slightly increased compared to the previous quarter.

On September 29, Microsoft Security Threat Intelligence reported two significant zero-day vulnerabilities being exploited in the wild. The two vulnerabilities, named “ProxyNotShell”, affect Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.

It may sound counterintuitive, but the Dark Web presents an invaluable opportunity for businesses to flip the script on hackers. The Dark Web remains a relatively hidden digital space that comprises upwards of 5 percent of the entire internet. This is where cybercriminals go to peddle sensitive and valuable data after breaching vulnerable business networks.

Over the past few months, a new info stealer has emerged. Erbium Stealer is developed by an underground Russian-based group that has been operating since July. The group seems to work very professionally, creating proper documentation and keeping their clients in the loop regarding new features on an almost weekly basis, via their Telegram channel.

In a world where more and more communities and businesses are based on instant messaging applications, it is just a matter of time before instant messaging takes the spotlight away from the traditional social media and commerce platforms. Instant messaging applications are more convenient than conventional forums and social media groups. However, the instant messaging realm is also divided into different application types and purposes.

Lockbit3.0 is the number one ransomware group in the ransomware industry. The group’s operations are so vast and powerful, that we have witnessed weeks where Lockbit’s victim count was more than all other ransomware families altogether. Ever since Conti’s leaks, Lockbit overtook the ransomware throne without any intention of going down anytime soon.

For some time now the Cyberint Research Team has been witnessing attacks targeting China. While most campaigns related to OpChina are focusing on infrastructure and government data breaches, over the past weekend, a major breach of the popular social network TikTok occurred, revealing 1.7 billion records and relations to another popular Chinese app – WeChat. The group taking full responsibility for this breach is none other than the notorious BlueHornet, aka AgainstTheWest, aka APT49.

Recent years have taught us a lot about espionage in the cybersecurity world. As offensive security companies emerged at almost the same rate as ransomware groups, some got tangled up in diplomatic and political incidents, to a point where the countries that hired them left having to manage their losses. Over the past months, a new trend has emerged of criminal threat groups claiming to have connections to governments worldwide that hire their services for espionage and targeted data leak campaigns.

Over the past couple of months, the tension between China and Taiwan has increased dramatically. The well-known conflict between both countries began in 1949 when Taiwan became a self-governing state, while Beijing still considers the island part of its territory. Beijing has promised to “unify” Taiwan with the rest of the mainland, using force if necessary.

This year, Cyberint Research Team has witnessed a major spike in compromised Atlassian service credentials compared to 2021. When observing compromised Atlassian credentials from the start of 2021 and 2022 through to August of the relevant year, we have seen an increase of around 337% (Figure 1, 2) in leaked credentials.