Rhadamanthys, an info stealer, written in C++, was first seen on August 22, 2022. This stealer, still gets updates and patched regularly. Version 0.5.0 shifted towards a more customizable framework allowing threat actors to counter security measures and exploit vulnerabilities by deploying targeted plugins, such as ‘Data Spy,’ which monitors RDP logins.

A fresh entrant, “Exodus,” has recently emerged on the dark web scene, positioning itself to potentially become one of the key players in the info stealer logs marketplaces. Launched in January 2024, it quickly began to draw attention by mid-February on several dark web forums for its potential to become a significant player, alongside established names like Russian Market and 2easy Shop.

Monster, a novel Ransomware-as-a-Service (RaaS) built on Delphi, surfaced in March 2022 and caught the attention of the BlackBerry Incident Response (IR) team during an incident investigation. After its initial appearance, Monster’s capabilities and its ransomware partnership program were promoted on the Russian Anonymous Marketplace (RAMP) in June. The mastermind behind Monster ransomware later introduced an enhanced version named Beast Ransomware, incorporating advanced features.

According to CISA, since the latter part of 2021, the perpetrators behind Snatch Ransomware have persistently adapted their strategies, capitalizing on prevailing tendencies and the operational successes of other ransomware variants within the cybercrime arena. Snatch has cast a wide net, targeting numerous sectors critical to infrastructure, including but not limited to the Defense, Industry, Food and Agriculture, and Information Technology sectors.

The TargetCompany ransomware group, first identified in June 2021, garnered its name due to its distinctive practice of appending the names of the targeted organizations to encrypted files. Over time, the group has exhibited a dynamic evolution, frequently changing encryption algorithms, decryptor characteristics, and file name extensions.

On December 19, 2023, the FBI successfully dismantled one of the ALPHV/BlackCat ransomware sites. The customary FBI banner now adorns its main page, while the other sites associated with the cybercrime gang remain operational. This development may be linked to the recent 5-day disruption of the entire gang’s Darknet infrastructure.

Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. In late October 2023, Atlassian issued a warning about a critical security flaw, CVE-2023-22518 (CVSS score 9.1), impacting all versions of Confluence Data Center and Server. This improper authorization issue poses a significant risk of data loss if exploited by an unauthenticated attacker.

This week, the threat actor group Anonymous Global (AnonGlobal) has introduced a new website designed for user engagement in attacks directed at Israel. Despite the site’s current inaccessibility, the group already claims already facilitated attacks resulting in the takedown of three Israeli websites. This innovative approach marks a departure from traditional threat actor tactics, aiming to involve ordinary individuals in their attacks.

A new alliance has emerged, posing a significant risk to governments, businesses, and individuals worldwide. On February 6th, 2024, a Telegram channel was created, uniting 18 hacking groups from across the globe under the banner of hacktivism. This report by Cyberint delves into the depths of this alliance, analyzing its origins, motives, activities, and potential impact. It then offers recommendations for organizations and individuals to strengthen their cybersecurity posture.

“The evolving threat landscape” sounds like an overused clichè; however, marked shifts in threat actor tactics in the past year are evidence of widespread and brazen growth in confidence among threat actors. Evident in recent incidents, such as ALPHV, AKA Black Cat’s exploitation of legal avenues, and the emergence of “The Five Families” alliance, cybercriminals are stretching their levels of coordination and reach.