initial access broker

North Korean hackers pave the way for Play ransomware

North Korean hackers pave the way for Play ransomware 2024-10-31 at 12:49 By Zeljka Zorz North Korean state-sponsored hackers – Jumpy Pisces, aka Andariel, aka Onyx Sleet – have been spotted burrowing into enterprise systems, then seemingly handing matters over to the Play ransomware group. Timeline of the attack (Source: Palo Alto Networks) The attack […]

React to this headline:

Loading spinner

North Korean hackers pave the way for Play ransomware Read More »

Zscaler swats claims of a significant breach

Zscaler swats claims of a significant breach 2024-05-09 at 16:31 By Zeljka Zorz On Wednesday, a threat actor named “InteIBroker” put up for sale “access to one of the largest cyber security companies” and immediately ignited speculation about which company it might be. InteIBroker claims to have access to “logs packed with credentials”, SSL passkeys

React to this headline:

Loading spinner

Zscaler swats claims of a significant breach Read More »

New Latrodectus loader steps in for Qbot

New Latrodectus loader steps in for Qbot 2024-04-09 at 14:02 By Zeljka Zorz New (down)loader malware called Latrodectus is being leveraged by initial access brokers and it looks like it might have been written by the same developers who created the IcedID loader. Malware delivery campaigns “[Latrodectus] was first observed being distributed by TA577, an

React to this headline:

Loading spinner

New Latrodectus loader steps in for Qbot Read More »

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes 2024-03-05 at 12:47 By Zeljka Zorz A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal employees’ NTLM hashes. Why are they after NTLM hashes? NT LAN Manager (NTLM) hashes contain

React to this headline:

Loading spinner

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes Read More »

Microsoft Teams phishing: Enterprises targeted by ransomware access broker

Microsoft Teams phishing: Enterprises targeted by ransomware access broker 13/09/2023 at 12:16 By Zeljka Zorz A threat actor known for providing ransomware gangs with initial access to enterprise systems has began phishing employees via Microsoft Teams. “For this activity, Storm-0324 most likely relies on a publicly available tool called TeamsPhisher,” Microsoft threat researchers noted. About

React to this headline:

Loading spinner

Microsoft Teams phishing: Enterprises targeted by ransomware access broker Read More »

Scroll to Top