A new alliance has emerged, posing a significant risk to governments, businesses, and individuals worldwide. On February 6th, 2024, a Telegram channel was created, uniting 18 hacking groups from across the globe under the banner of hacktivism. This report by Cyberint delves into the depths of this alliance, analyzing its origins, motives, activities, and potential impact. It then offers recommendations for organizations and individuals to strengthen their cybersecurity posture.

“The evolving threat landscape” sounds like an overused clichè; however, marked shifts in threat actor tactics in the past year are evidence of widespread and brazen growth in confidence among threat actors. Evident in recent incidents, such as ALPHV, AKA Black Cat’s exploitation of legal avenues, and the emergence of “The Five Families” alliance, cybercriminals are stretching their levels of coordination and reach.

In 2022, more than 25,000 new CVEs were discovered and added to the NIST National Vulnerability Database. In just the first ten months of 2023, another 23,500 CVEs were identified and added to the NIST NVD. That’s more than 48,000 new vulnerabilities documented in less than 2 years! With so many new CVEs being identified all the time, vulnerability management can seem like an insurmountable challenge. Despite the staggering numbers, there’s good news.

The information stealers ecosystem continues to expand as we witness the ongoing maintenance and new capabilities in the latest stealers versions. 2023 was a good year for InfoStealers as they keep evolving along with exploiting the popular vulnerabilities from the last years to infiltrate targeted devices. InfoStealer malware has become increasingly widespread, new business models are being introduced and new detection evasion capabilities are being implemented.

For phishing scammers, the holidays are the most wonderful time of the year – or so holiday phishing trends would suggest. Cyberint research shows that phishing alerts surged by 46 percent last December compared to the monthly average observed throughout the year. Similarly, an Akamai study found a 150 percent increase in phishing victims between mid-October and late November 2021.

The data about the rise of phishing attacks against businesses in the United Kingdom is in, and it’s bleak: UK phishing reports indicate that 79 percent of organizations in the UK were targeted by phishing attacks in the past year. Meanwhile, phishing is the initial attack vector in 36 percent of all data breaches globally, according to Verizon’s 2023 Data Breach Investigations Report. And 80,000 new phishing sites appear every month, according to Cyberint research.

DCRat, also known as Dark Crystal Rat has been around since 2018. It operates as a modular remote access trojan (RAT) offered as a Malware-as-a-Service (MaaS) and has garnered attention due to its cost-effectiveness and adaptability. The malware is purpose-built to provide threat actors unauthorized access to systems by circumventing security measures.

Traditionally Hacktivists were thought of as ideologically motivated threat actors, unaffiliated with nation-states. However recently according the Cyberint research, the lines have blurred. There are now several Hacktivist groups who align with specific nation-states. One example is the KillNet Hacktivist Group. KillNet is a hacktivist group aligned with Russia, who gained significant attention at the onset of the Russia-Ukraine conflict.

A recent wave of advanced persistent threat (APT) attacks is spreading throughout the Asia-Pacific (APAC) region, and these have been attributed to a newly identified group known as Dark Pink (also referred to as the Saaiwc Group). While evidence suggests that Dark Pink commenced its operations as early as mid-2021, the group’s activities escalated notably in the latter part of 2022.

In the last several days, a new info stealer known as the “Continental stealer” has gained traction in dark web forums. This stealer has the potential to become one of the more powerful participants in the InfoStealer industry, thanks to its simple and easy-to-use architecture. In this report, we will review the stealer infrastructure, features, and functionality.