The #FBI and #DCIS disrupted #Danabot. #ESET was one of several companies that cooperated in this effort. https://www.welivesecurity.com/en/eset-research/danabot-analyzing-fallen-empire/
#ESETresearch has been involved in this operation since 2018. Our contribution included providing technical analyses of the malware and its backend infrastructure, as well as identifying Danabot’s C&C servers. Danabot is a #MaaS #infostealer that has also been seen pushing additional malware – even #ransomware, such as #LockBit, #Buran, and #Crisis – to compromised systems.
We have analyzed Danabot campaigns all around the world and found a substantial number of distinct samples of the malware, as well as identified more than 1,000 C&Cs.
This infostealer is frequently promoted on underground forums. The affiliates are offered an administration panel application, a backconnect tool for real-time control of bots, and a proxy server application that relays the communication between the bots and the C&C server.
IoCs are available in our GitHub repo. You can expect updates with more details in the coming days. https://github.com/eset/malware-ioc/tree/master/danabot

Après un piratage, les coulisses du #ransomware #Lockbit dévoilées. Le 7 mai dernier plusieurs chercheurs en sécurité ont observé que le site vitrine de Lockbit sur le dark web avait été (...)
https://www.lemondeinformatique.fr/actualites/lire-apres-un-piratage-les-coulisses-du-ransomware-lockbit-devoilees-96810.html
#sécurité

Latest issue of my curated #cybersecurity and #infosec list of resources for week #19/2025 is out!

It includes the following and much more:

The #Signal clone the Trump admin uses was hacked;

ICE's airline hacked;

The DragonForce #ransomware group claimed responsibility for recent cyberattacks on UK retailers;

NATO hosting the Locked Shields 2025 cyber defense exercise in Estonia;

The #LockBit ransomware gang was hacked!

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-19-2025

#LockBit ransomware gang has suffered a data breach after its dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump. #ransomwaregroup #dataleaking https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-hacked-victim-negotiations-exposed/

#LockBit #ransomware gang hacked, victim negotiations exposed

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-hacked-victim-negotiations-exposed/

The #LockBit #ransomware site was breached, database dump was leaked online
https://securityaffairs.com/177619/cyber-crime/the-lockbit-ransomware-site-was-breached-database-dump-was-leaked-online.html
#securityaffairs #hacking

#ESETresearch discovered previously unknown links between the #RansomHub, #Medusa, #BianLian, and #Play ransomware gangs, and leveraged #EDRKillShifter to learn more about RansomHub’s affiliates. @SCrow357 https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/
RansomHub emerged in February 2024 and in just three months reached the top of the ransomware ladder, recruiting affiliates from disrupted #LockBit and #BlackCat. Since then, it dominated the ransomware world, showing similar growth as LockBit once did.
Previously linked to North Korea-aligned group #Andariel, Play strictly denies operating as #RaaS. We found its members utilized RansomHub’s EDR killer EDRKillShifter, multiple times during their intrusions, meaning some members likely became RansomHub affiliates.
BianLian focuses on extortion-only attacks and does not publicly recruit new affiliates. Its access to EDRKillShifter suggests a similar approach as Play – having trusted members, who are not limited to working only with them.
Medusa, same as RansomHub, is a typical RaaS gang, actively recruiting new affiliates. Since it is common knowledge that affiliates of such RaaS groups often work for multiple operators, this connection is to be expected.
Our blogpost also emphasizes the growing threat of EDR killers. We observed an increase in the number of such tools, while the set of abused drivers remains quite small. Gangs such as RansomHub and #Embargo offer their killers as part of the affiliate program.
IoCs available on our GitHub: https://github.com/eset/malware-ioc/tree/master/ransomhub

Alleged LockBit dev Rostislav Panev was extradited to the U.S. today.

https://www.justice.gov/usao-nj/pr/dual-russian-and-israeli-national-extradited-united-states-his-role-lockbit-ransomware

Ransomware Attacks Set Records in February: Cyble https://thecyberexpress.com/record-ransomware-attacks/ #TheCyberExpressNews #ransomwareattacks #AkiraRansomware #ContiRansomware #TheCyberExpress #RansomwareNews #cl0pransomware #PlayRansomware #FirewallDaily #Fogransomware #Ransomware #CyberNews #RansomHub #LockBit

Russian cybercrime group sent a message of congratulations to Kash Patel and an offer.

...the Lockbit administrator then offered an “archive of classified information for you personally, Mr. Kash Patel.” This, it was claimed, contained information that could “not only negatively affect the reputation of the FBI, but destroy it as a structure.”
#Lockbit #FBI https://www.forbes.com/sites/daveywinder/2025/02/26/this-data-could-destroy-the-fbi-russian-crime-gang-warns-kash-patel/

Feds Sanction Russian Hosting Provider for Supporting #LockBit #Attacks. #US, #UK, and Australian law enforcement have targeted a company called #Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous #ransomware gang.
https://www.darkreading.com/cyber-risk/feds-sanction-russian-hosting-provider-lockbit-attacks
#australia

The United States, Australia, and the United Kingdom have sanctioned Zservers, a Russia-based bulletproof hosting (BPH) services provider, for supplying essential attack infrastructure for the LockBit ransomware gang. #LockBit #ransomwaregroup https://www.bleepingcomputer.com/news/security/us-sanctions-lockbit-ransomwares-bulletproof-hosting-provider/

Ukraine Daily summary - Wednesday, February 12 2025

Russia concerned with weakening sway over allies amid Western pressure, FT reports -- Ukraine strikes Russia's Saratov oil refinery -- North Korea has sent 200 long-range artillery guns to Russia -- Russia records worst-ever ranking in key corruption index -- and more

https://writeworks.uk/~/UkraineDaily/Ukraine%20Daily%20summary%20-%20Wednesday,%20February%2012%202025/

La genèse du ransowmare

La genèse du ransomware remonte avec l’histoire d’un docteur, Joseph Popp. Le parallèle avec le docteur Jekyll et de M. Hyde, semble être proche d’une réalité palpable. Il est à l’origine des rançongiciels dans sa démarche avec l'envoi de 26 000 disquettes « AIDs Trojan ».

Puis l’évolution des chiffrements avec des clefs de plus en plus grandes. Le passage du chiffrement symétrique à l’asymétrique est aussi une évolution.
La différence est que le Dr Popp recevait par virement les sommes sur un compte au Panama. Dorénavant, les cybercriminels perçoivent des bitcoins.

L’évolution d’une société de plus en plus connectée (IoT), de plus en plus « informatisé » fait face à des défis constants en matière de cybersécurité et d'hygiène informatique.

Le rapport de la Cour des comptes sur la sécurité des établissements de santé est sans appel : « les autorités publiques ont réagi avec retard en finançant sur cinq ans un programme de prévention et de protection. Cette dynamique doit être poursuivie. »

https://librexpression.fr/genealogie-du-ransomware

https://www.ccomptes.fr/sites/default/files/2024-12/20250103-S2024-1456-La-securite-informatique-des-etablissements-de-sante.pdf

#Bianlian #Cyberattack #Databreach #France #informatique #Librexpression #Lockbit #MBR #NotPetya #Panama #Phishing #Popp #ransomware #threaths #WannaCry

(Crédits : mason cook/Pexels)

Japan Airlines victime d’une cyberattaque https://whiteandhack.wordpress.com/2024/12/28/japan-airlines-victime-dune-cyberattaque/ #Cyberattaque, #DDoS, #JapanAirlines, #Lockbit, #Piratage

Les Cybermenaces qui pourraient faire de 2025 un enfer https://whiteandhack.wordpress.com/2024/12/23/les-cybermenaces-qui-pourraient-faire-de-2025-un-enfer/ #Cyberattaque, #Cybersécurité, #DDoS, #Deepfakes, #DonnéesBancaires, #DonnéesPersonnelles, #Escroquerie, #Hameçonnage, #IA, #IntelligenceArtificielle, #Lockbit, #Malware, #Menace, #Outils, #Phishing, #Smartphone

Justice Department Cracks Down on LockBit Ransomware: Key Developer Arrested in Israel https://thecyberexpress.com/lockbit-ransomware-digital-architect-arrested/ #LockBitRansomwareDeveloperRostislavPanev #fightagainstransomware #LockBitransomwaregroup #USDepartmentofJustice #TheCyberExpressNews #LockBitransomware #TheCyberExpress #RansomwareNews #RostislavPanev #FirewallDaily #CyberNews #LockBit #Israel #FBI

A dual Russian-Israeli national charged as the mastermind behind LockBit ransomware—a cyber weapon that caused chaos across 120+ countries and left $500M in illicit profits.
#LockBit #ransomwaregroup
Explore the full story of LockBit’s rise and fall: https://thehackernews.com/2024/12/lockbit-developer-rostislav-panev.html

Un cybercriminel membre du célèbre gang de hackers Lockbit se cachait en Israël
https://www.numerama.com/cyberguerre/1869958-un-cybercriminel-membre-du-celebre-gang-de-hackers-lockbit-se-cachait-en-israel.html

LockBit Ransomware Group Plots Comeback With 4.0 Release https://thecyberexpress.com/lockbit-ransomware-comeback-lockbit-4-0/ #TheCyberExpressNews #TheCyberExpress #RansomwareNews #FirewallDaily #Ransomware #CyberNews #LockBit40 #LockBit