News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

FBI, Europol, NCA: APT group LockBit smashed!

According to the authorities, Europol, the FBI and the British NCA have dismantled the APT group LockBit. At least it has all darknet leak sites under control and is probably already distributing decryption tools. The authorities even used the system of leak sites to distribute information and tools. It sounds too good to be true: A global network of authorities such as the FBI, Eruopol, NCA and many more have succeeded in striking a significant blow against the APT group LockBit. Officially, the group's network has been dismantled, the servers taken over, source codes and documents confiscated and...

Read more

Up to $15 million bounty for ALPHV-Blackcat information
B2B Cyber ​​Security ShortNews

The US State Department is serious: There are rewards totaling $15 million for good information that leads to the capture of key people in the Blackcat group and its RaaS ALPHV. This tactic already helped in the capture of the Conti gang. The US State Department is offering a reward of up to $10 million for information leading to the identification or location of individuals who hold key positions in the Transnational Organized Crime group behind the ALPHV/Blackcat ransomware variant. Additionally, a reward offer of up to $5 million is being offered for information…

Read more

Chinese botnet Volt Typhoon smashed
B2B Cyber ​​Security ShortNews

The US government announced that it had disrupted the threat actor Volt Typhoon's botnet, which it used to attack critical infrastructure in the United States and other countries. An operation authorized by the American judiciary in December 2023 destroyed a botnet of hundreds of US-based small office/home office (SOHO) routers hijacked by state-sponsored hackers from the People's Republic of China (PRC). Volt Typhoon attacked critical infrastructure The hackers, known in the private sector as “Volt Typhoon,” used private SOHO routers infected with the “KV Botnet” malware...

Read more

Open battle between FBI and ALPHV – BlackCat
B2B Cyber ​​Security ShortNews

The FBI continues to take action against the APT group ALPHV alias BlackCat. The FBI briefly blocked the group's leak page on the dark web. Now it's open again and ALPHV announces in Russian that 3.000 companies will never receive the keys to their ransomware. There has never been a more open exchange of blows between the FBI and an APT group. The FBI published a statement saying that it had taken over various ALPHV servers and was now making a decryption tool available to 500 victims. “In dismantling the BlackCat ransomware group, the Department of Justice has...

Read more

Raid on ALPHV or BlackCat group?
B2B Cyber ​​Security ShortNews

The ALPHV and BlackCat leak sites have been disrupted for days. Some of them cannot be accessed or do not show any content. In darknet forums, admins from other APT groups claim that the servers have been taken over by ALPHV. The Advanced Persistent Threat (APT) group ALPHV, also known as BlackCat, is a ransomware group that first emerged in November 2021. The group is known for carrying out sophisticated ransomware attacks on companies and organizations around the world. But for a few days now, the ransomware group's leak pages have either not been accessible or show no content. Darknet admins talk about…

Read more

Access: Former HIVE members arrested
Access: Former HIVE members arrested

The cyber attackers in Ukraine thought they were safe for a long time: but on November 21st it was over! A team of global investigators was able to arrest the head of the cyber attack group along with four of the most active helpers. The former HIVE members are said to have encrypted 250 servers of large corporations in recent years, causing damage amounting to several hundred million euros. The cooperation of Europol and many investigators from Norway, France, Germany and the United States was worthwhile. After the APT group HIVE was dismantled in 2021, investigators did not let up...

Read more

Qakbot continues to actively defy smashed network
B2B Cyber ​​Security ShortNews

As new threat intelligence findings from Cisco Talos show, the threat actor (affiliates) behind the Qakbot malware remains active and has been running a campaign again since the beginning of August 2023. In the campaign, they spread the ransomware “Ransom Knight” and the backdoor “Remcos” via phishing emails. What's special: the Qakbot infrastructure was confiscated by the FBI at the end of August. Nevertheless, the campaign, which was launched at the beginning of August, continues. This suggests that the law enforcement action may not have impacted the Qakbot operators' spam sending infrastructure, but only their command and control (C2) servers. Qakbot uses other distribution channels…

Read more

FBI takes action against IT freelancers from North Korea
FBI takes action against North Korean IT freelancers

FBI: North Korea sends many IT employees and developers to China and Russia to work for Western companies and use the money to finance the North Korean missile program. North Koreans also offer their services via freelance platforms, but use IP spoofing to disguise where they really come from. The FBI warns and takes action against registered domains and networks. Due to the shortage of skilled workers, many companies are increasingly relying on unknown IT freelancers who work remotely. As the FBI has discovered, American companies in particular often use IT freelancers from Russia, China and other Asian countries. Many people don't realize that they...

Read more

FBI vs. Qakbot network: smashed or just paralyzed?
FBI vs. Qakbot network: smashed or just paralyzed?

On August 29, 2023, the US FBI announced that it had dismantled the multinational cyber hacking and ransomware operation Qakbot, or Qbot. After Hive, Emotet or Zloader, QakBot has now been hit. But is the botnet destroyed and the ransomware unusable or just paralyzed, as was the case with Emotet? The Qakbot malware infected victims via spam emails containing fraudulent attachments and links. It also served as a platform for ransomware operators. Once the victim's computer was cracked, it became part of the larger Qakbot bot network, which...

Read more

BEC: How and where cyber gangsters make the most money
B2B Cyber ​​Security ShortNews

Most of the media is always talking about ransomware and the sums that are being extorted from companies with it. But those totals are small change compared to the $2022 billion BEC - Business Email Compromise losses reported to the FBI in 2,8. In its 2022 Internet Crime Report, the FBI listed all the financial damages caused by cyber attacks. This adds up to $10,3 billion - and that's just the reported damage. The FBI's Internet Crime Complaint Center (IC3) has a crucial role in combating the cyber threat. The IC3 serves as…

Read more