
CYJAX

Cybercriminals targeting the legal sector

Cybercrime targeting law firms has surged by 77% in the past year, raising significant concerns for the legal sector. The frequency, nature, and motivations of these attacks are evolving, putting law firms in a vulnerable position. Due to the sensitive nature of their data and high stakes, law firms are frequent targets for financially motivated cybercriminals, hacktivists, and even state-sponsored groups.

Living Up to Its Name: Alleged Extortion Group LeakedData Begins to Leak Data

Data-leak sites (DLSs) commonly debut with a small number of claimed victims. When Cyjax discovered them, newly found DLSs for extortion groups FunkSec and Kairos claimed 11 and six victims, respectively. In contrast, a newly identified possible extortion group which aptly calls itself ‘LeakedData’ has emerged onto the scene with an alleged total of 41 victims.

Stealer Malware and Stealer Logs Explained

Stealer logs and the infostealers that harvest them form a key part of the threat landscape and cybercriminal ecosystem. Infostealers, which are also referred to as stealer malware, are deployed by threat actors to facilitate data theft from compromised devices. This data typically contains sensitive and valuable personal information including credentials, hardware or software information, IP addresses, browser cookies, and more.

Meta's impact on fraud and scams

Cyjax’s open-source intelligence team has recently conducted an investigation into Meta’s impact on fraud and scams with regard to advertisements. The investigation consisted of extensive research and data collection from dark web sources, closed and open chats, social media platforms, marketplaces, and threat actor marketing forums.

Phreak Out!: New Bluebox Extortion Group DLS Emerges

Another week, another extortion group data-leak site emerges. Cyjax has continued to observe the emergence of data-leak sites (DLSs) for extortion and ransomware groups. New groups FunkSec, ContFR, Argonauts, Kairos, Chort, and Termite appeared in December and November 2024 alone, bringing this year’s total up to 69. On 11 December 2024, Cyjax identified the emergence of a Tor-based DLS belonging to a new data-leak extortion group going by the name ‘Bluebox’.

Take Me Down to Funksec Town: Funksec Ransomware DLS Emergence

Cyjax has continued to observe the emergence of data-leak sites (DLSs) for extortion and ransomware groups, with ContFR, Argonauts, Kairos, Chort, and Termite appearing in November 2024 alone. Cyjax has identified the emergence of a Tor-based DLS belonging to a new, self-described “cybercrime group” named ‘Funksec’. This group has claimed 11 victims so far and advertises a free Distributed Denial-of-Service (DDoS) tool.

Don't Get Golden Fleeced: New Argonauts Extortion Group Emerges

Following the emergence of data-leak sites (DLSs) for new extortion groups Kairos, Chort, Termite, and ContFR, Cyjax has observed a DLS for a group going by the name ‘Argonauts Group’. This group has claimed 10 victims so far. This brings the total of new DLSs discovered this month to seven, with a few days remaining in November.

ContFRaversy in Ransomland: Tor-based site emerges for new French-speaking RaaS operation "ContFR"

Following the emergence of data-leak sites (DLSs) for extortion groups Kairos, Chort, and Termite, Cyjax has observed the emergence of a Tor-based site belonging to a new French-speaking Ransomware-as-a-Service (RaaS) operation called ‘ContFR’. ContFR is potentially referencing well-known ransomware group Conti, whilst incorporating a reference to France.