
July 2022

Atlas Intelligence Group (A.I.G) - The Wrath of a Titan

Over the past couple of months, a new group named the Atlas Intelligence Group (A.I.G), aka Atlantis Cyber-Army, has emerged. What makes this group unique compared to all the other groups we’ve seen lately is its recruitment of cyber-mercenaries to do specific jobs as part of bigger campaigns known only to the admins. In the early days, the group appeared to be yet another data leakage group.

GhostSec Raising the Bar

In June 2022, Cyberint observed a new hacktivist campaign targeting multiple Israeli organizations and enterprises coordinated via different social media platforms. The campaign is led by hacktivists originating in a group called GhostSec. GhostSec was first identified in 2015 and was initially founded to attack ISIS in the cyber realm as part of the fight against Islamic extremism.

Ransomware Landscape Q2

The first quarter of 2022 was rich with unusual incidents involving new ransomware groups and new techniques. The most notable event of Q1 was without a doubt the ContiLeaks incident, courtesy of the Russia-Ukraine conflict, which lasted until recently, at the end of Q2. As the shockwaves of the Russia-Ukraine conflict have faded, we have seen many families in the ransomware industry going “back to business”.

XFiles Stealer Campaign Abusing Follina

As many threat actors and groups seek to utilize recently discovered vulnerabilities, the Cyberint Research Team found several XFiles stealer campaigns in which the Follina vulnerability was exploited as part of the delivery phase. Follina is one of the most widespread vulnerabilities discovered throughout 2022. The vulnerability allows a threat actor to perform remote code execution (RCE) through malicious Word documents.