In 2022 & 2023 Western government agencies have managed to take down multiple prominent dark web forums such as RaidForums in April 2022, BreachedForums in March 2023, and Genesis Marketplace in April 2023. This might make threat actors in the West feel less confident in initiating activities on such monitored platforms and could shift their focus to Chinese-speaking forums.

It’s time to broaden our conception of the external attack surface to include all common attack vectors. Traditionally, the external attack surface is thought of as all of an organization’s external IT assets: domains, addresses, web servers, SSL certificates, externally-visible software, and so on.

Supply chain attacks are a growing and increasingly sophisticated form of cyber threat. They target the complex network of relationships between organizations and their suppliers, vendors, and third-party service providers. These attacks exploit vulnerabilities that emerge due to the interconnected nature of digital supply chains, which often span multiple organizations, systems, and geographies.

Cyber attacks can have a significant impact on point-of-sale (POS) services, which are used in retail environments to process transactions and collect payments from customers. POS systems typically involve the use of software, hardware, and network components, which can be vulnerable to a variety of cyber threats. A successful campaign targeting POS systems can result in credit card theft, transaction tampering, service disruption, brand damage and other severe organizational damage.

Since the beginning of the year, we have witnessed the success of numerous operations by law authorities worldwide in the war against cybercrime. Totaling 120 arrests from Hive shutdown, Pompompurin’s arrest, BreachForums Shutdown, and now Genesis market, it seems that law authorities are managing to hunt some high-profile threat actors worldwide. These arrests are only possible due to corporation between several government agencies worldwide.

The first quarter of 2023 was the best quarter we’ve seen for the ransomware industry in a long time, even exceeding Q1 2022. With 831 victims, Q1 2023’s victim count was much higher than the first quarter of 2022, with just 763 victims. Unsurprisingly, LockBit3.0 remained the number one group claiming an average of around 23 victims per week and almost 33% of all ransomware cases this quarter.

A supply chain attack that targets customers of the 3CX Voice Over Internet Protocol (VoIP) desktop client has been discovered. Threat actors have created a digitally signed and malicious version of the software, which is being used to target both Windows and macOS users of the app. The threat actors are deploying second-stage payloads and are believed to be linked to a North Korean state-backed hacking group, , although this attribution has not been confirmed.

Clop, aka Cl0p, is a ransomware group that emerged in February 2019 and targeted almost any sector in the world, including retail, transportation, education, manufacturing, automotive, energy, financial, telecommunications and even healthcare. The clop ransomware group is linked as a successor of the CryptoMix ransomware group. The Cyberint Research Team identified an anomaly in Clop’s activity in the past two weeks.

Malware is not a new attack vector but, over the past few years, the Cyberint research team was observed a resurgence of this threat. In particular, a specific type of malware known as InfoStealers has become a serious risk. This blog post will drill down on InfoStealers and discuss the lifecycle of an InfoStealer attack, from beginning to end.

On March 15, the FBI arrested an individual suspected of being the notorious Pompompurin, the admin of one of the most popular cybercrime forums today – BreachForums.The individual is a 21-year-old, Conor Brian Fitzpatrick who federal agents claim admitted to being the famous Pompompurin. Pompompurin is a famous cybersecurity individual which whom anyone in the community is familiar. The BreachForums is still up and running and is currently managed by another admin named Baphomet.