Resources

Cybersecurity white papers, data sheets, webinars, videos and more

Resource Library


BlackCat Ransomware Group Claims Attack on Healthcare Service Provider

January 23, 2024

Executive Summary: On January 17, the BlackCat ransomware group added an entry for an electronic health record (EHR) vendor to its extortion site, but, as of January 21, the vendor’s entry no longer appeared there. Following the claim, the SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team investigated the incident.
Cyber Threat Intelligence
Avoslocker Ransomware Group Targets U.S. University

January 23, 2024

Executive Summary: On May 1, the Avoslocker ransomware group claimed responsibility for an attack against a small U.S. university. Shortly after news of the incident surfaced, the SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team consulted internal and external sources to collect and analyze intelligence about the attack. These sources yielded…
Attack Surface Management
Cyber Insurance
Cyber Threat Intelligence
Investigation of North Korea-Linked Indicators of Compromise (IOCs)

January 23, 2024

Executive Summary: On February 9, CISA published a #StopRansomware alert regarding ransomware attacks against healthcare and public health organizations they attribute to threat actors acting on behalf of the North Korean state. The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team consulted internal and external data sources to enrich the indicators…
Cyber Threat Intelligence
Newly-identified Vulnerability Affecting All Versions of Outlook for Windows

January 23, 2024

Executive Summary: On March 14, Microsoft released a security update for a newly-identified vulnerability affecting all versions of Outlook for Windows. Current reports indicate that the vulnerability is under active exploitation by a threat actor group the cybersecurity community believes is acting on behalf of the GRU, Russia’s military intelligence…
Cyber Threat Intelligence
New Intrusion Campaign Targeting Users of Popular Business Communication Software

January 23, 2024

Executive Summary: On March 29, cybersecurity vendors announced that a new intrusion campaign had targeted users of business communication software company 3CX’s desktop client through a supply-chain attack. Initial reports have attributed the activity to the threat actor group tracked as Labyrinth Chollima, which is believed to conduct espionage on behalf…
Cyber Threat Intelligence
Investigations of Lazarus Group Indicators of Compromise Reveals Suspicious Traffic Involving State Government IP Addresses

January 23, 2024

Executive Summary: In early February, analysts attributed a new intrusion affecting a healthcare research organization to the Lazarus Group, a well-established threat actor believed to act on behalf of the government of the Democratic People’s Republic of Korea (DPRK). In an effort to enrich the Indicators of Compromise (IoCs) provided in…
Cyber Threat Intelligence
Attackers Exploit Windows Vulnerability to Deliver Nokoyawa Ransomware

January 23, 2024

Executive Summary: On April 11, security researchers announced the discovery of CVE-2023-28252, a zero-day vulnerability under active exploitation by a sophisticated cybercriminal group. The vulnerability affects all versions of Windows and could therefore be quite widespread; however, a patch is available. The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team…
Cyber Threat Intelligence
New APT29 – Attributed Phishing Activity Targets Diplomatic Services

January 23, 2024

Executive Summary: On April 13, Poland’s Computer Emergency Response Team (CERT.PL) and Military Counterintelligence Service released a group of joint advisories regarding newly-observed espionage activity attributed to a Russia-linked threat actor group. The activity involved the distribution of three different strains of malware, HALFRIG, QUARTERRIG, and SNOWYAMBER, through phishing targeting…
Cyber Threat Intelligence
Cyber Risk Intelligence: Cold Storage and Logistics Disruption

January 23, 2024

Executive Summary: On April 26, reports of a service disruption affecting a major cold storage and logistics firm surfaced. The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team collected a sample of traffic involving possibly vulnerable company assets to identify behavior that may reflect a compromise. Researchers did not…
Cyber Threat Intelligence
LockBit Group Claims Ransomware Attack Against Southeast Asian Bank

January 23, 2024

Executive Summary: On May 8, the LockBit ransomware group claimed an attack against a major state-owned bank in Southeast Asia. The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team collected and analyzed data from internal and external sources to enrich the available information about the attack. STRIKE Team researchers identified possible…
Cyber Threat Intelligence
Ransomware Affiliates Exploit Recently-Discovered PaperCut Vulnerability

January 23, 2024

Executive Summary: On April 26, security researchers announced the discovery of CVE-2023-27350 and CVE-2023-27351, vulnerabilities in the PaperCut print management software solution. Researchers have observed threat actors exploiting the more severe of the two vulnerabilities, CVE-2023-27350, to deliver the LockBit strain of ransomware. The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement…
Cyber Threat Intelligence
ESXiArgs Ransomware Campaign Targets VMWare ESXi Vulnerability

January 23, 2024

Executive Summary: On February 3, European hosting providers and computer emergency response teams (CERTs) began warning of a widespread ransomware campaign exploiting CVE-2021-21974, a VMWare ESXi vulnerability for which a patch has been available since February 2021. Shortly after the warnings’ publication, SecurityScorecard developed an emergency informational…
Cyber Threat Intelligence
Ransomware Attack Against U.S. Public Housing Authority Linked to Previous Attacks

January 23, 2024

Executive Summary: On January 3, local media reported that a major U.S. city’s housing authority had suffered a ransomware attack. The LockBit ransomware group, which has made false claims in the past, took responsibility for the incident. As of this publication, the housing authority has announced a disruption, but…
Cyber Threat Intelligence
Public Sector
Iran-Attributed Exploitation of Log4Shell Vulnerability

January 23, 2024

Executive Summary: CISA and the FBI issued a joint advisory warning of ongoing exploitation of the Log4Shell vulnerability (CVE-2021-44228) on November 16. The advisory noted that an unspecified Iran-linked threat actor group had exploited the vulnerability during an intrusion into a Federal Civilian Executive Branch (FCEB) organization’s network earlier…
Cyber Threat Intelligence
STRIKE Team
Cyber Risk Intelligence: LockBit 3.0 Ransomware Group Claims Defense Contractor Breach

January 23, 2024

Executive Summary: On December 2, the LockBit 3.0 ransomware group claimed to have exfiltrated data from a major defense contractor, and threatened to leak stolen files; however, as of December 13, the supposed victim no longer appears on LockBit 3.0’s data leak site. Following the claim, the SecurityScorecard…
Attack Surface Management
Cyber Insurance
Cyber Threat Intelligence
Investigation into Breached Australian Organizations

January 22, 2024

Executive Summary: In mid-March, two Australian financial and professional services firms reported data breaches. The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team investigated these incidents using SecurityScorecard’s products, Attack Surface Intelligence data, exclusive access to network flow (NetFlow) data, and publicly-available information. The available data suggests possible suspicious activity…
Cyber Threat Intelligence
Investigation into Last Month’s Royal Ransomware Attack Against a City Government

January 22, 2024

Executive Summary: On May 1, local media reported that a city government had suffered a disruption resulting from an attack claimed by the Royal ransomware group. City spokespeople confirmed these reports on May 3, noting that emergency services remained available despite disruptions to computerized dispatching systems. Intelligence collected by the SecurityScorecard…
Cyber Threat Intelligence
Public Sector
LockBit Ransomware Group Claims Attack Against Prominent Taiwanese Semiconductor Firm

January 22, 2024

Executive Summary: On June 29, the LockBit ransomware group added an entry for a major semiconductor manufacturer to its data leak site. In response, the named firm denied that an attack had compromised customer data or affected its operations. Instead, it reported that an attack against a hardware supplier had exposed a…
Attack Surface Management
Cyber Insurance
Cyber Threat Intelligence
SecurityScorecard Identifies Possible Flax Typhoon Infrastructure

January 22, 2024

Executive Summary: On August 24, Microsoft published its analysis of espionage activity it attributes to a new threat actor group tracked as Flax Typhoon, which it assesses to act on behalf of the People’s Republic of China. Thus far, analysts have mainly observed Flax Typhoon activity in Taiwan. It has also…
Cyber Threat Intelligence
Cyber Risk Intelligence Update: STRIKE Team Investigation Identifies Possible Flax Typhoon Links to Higher Education

January 22, 2024

Executive Summary: The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team conducted further research into indicators of compromise (IoCs) connected to the China-backed Flax Typhoon threat actor group. This has revealed additional IP addresses the group may use. A strategic partner’s network flow (NetFlow) data indicated repeated communication between four…
Cyber Threat Intelligence
Public Sector
Daixin Team Ransomware Group Claimed Airline Ransomware Attack

January 22, 2024

Executive Summary: An information security researcher reported on November 20 that the Daixin Team ransomware group had claimed that a recent attack against an airline had resulted in a breach exposing the personal data of all airline employees and five million passengers. Following this report, the SecurityScorecard Threat Research,…
Cyber Threat Intelligence
Public Sector