Leverage unparalleled research to make smarter, faster business decisions

Investigation into Last Month’s Royal Ransomware Attack Against a City Government

On May 1, local media reported that a city government had suffered a disruption resulting from an attack claimed by the Royal ransomware group.

LockBit Ransomware Group Claims Attack Against Prominent Taiwanese Semiconductor Firm

On June 29, the LockBit ransomware group added an entry for a major semiconductor manufacturer to its data leak site.

SecurityScorecard Identifies Possible Flax Typhoon Infrastructure

On August 24, Microsoft published its analysis of espionage activity it attributes to a new threat actor group tracked as Flax Typhoon, which it assesses to act on behalf of the People’s Republic of China.

Cyber Risk Intelligence Update: STRIKE Team Investigation Identifies Possible Flax Typhoon Links to Higher Education

Following Microsoft’s identification of Flax Typhoon, a new threat actor group believed to conduct espionage on behalf of the People’s Republic of China (PRC), the STRIKE Team used SecurityScorecard’s data to investigate the IoCs Microsoft supplied in its report. This investigation yielded a collection of new IP addresses featuring the same TLS certificates that Microsoft linked to Flax Typhoon.

Daixin Team Ransomware Group Claimed Airline Ransomware Attack

Cyber Risk Intelligence: County Government Cyber Incident May Have Involved Social Engineering and Targeting of Vulnerable SSH Services

SecurityScorecard Investigation and Response to New and Widespread OpenSSL 3.X Vulnerability

A Detailed Analysis of the RedLine Stealer

Microsoft ProxyNotShell Zero Days

Prepared by: Rob Ames, Staff Threat Researcher, Jared M. Smith, Ph.D., Senior Director of Threat Research, Ryan Sherstobitoff, SVP of Threat Intelligence

A Detailed Analysis Of A New Stealer Called Stealerium

Close Encounters in the Healthcare Sector

Close Encounters in the Insurance Sector