Comprehensive CTI Report: Insights from the LockBit Ransomware Group Data Dump

Comprehensive CTI Report: LockBit Ransomware Data Dump

Executive Summary

This report analyzes a leaked database dump from the LockBit ransomware group, providing actionable insights into their operations, tactics, and infrastructure. Key findings include the identification of Bitcoin addresses used for ransom payments, operator activity patterns, negotiation tactics, and targeted industries. These insights can help security professionals detect, mitigate, and respond to LockBit…

Comprehensive CTI Report: Scattered Spider Threat Actor Group

Comprehensive CTI Report - Scattered Spider Threat Actor Group

Purpose: To provide an exhaustive analysis of the Scattered Spider threat actor group, detailing their profile, payloads, tactics, techniques, and procedures (TTPs), MITRE ATT&CK framework mappings, methods for proactively tracking their networks using tools like Shodan, and their affiliations with other threat actor groups, incorporating recent insights from the Google Mandiant report. Executive Summary Scattered…

Executive Summary: ShadowSyndicate Threat Group

Executive Summary: Shadow Syndicate Threat Group Update

Executive Summary

In late 2024, Darktrace identified multiple instances of RansomHub ransomware attacks linked to the ShadowSyndicate threat group. ShadowSyndicate, active since 2022, has been associated with several ransomware families and sophisticated tools, including Cobalt Strike and Sliver. Their latest collaboration with RansomHub, a rising Ransomware-as-a-Service (RaaS) operator, underscores an evolving threat landscape. This report…

BianLian Data Extortion Group – Updated Advisory

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have released a joint Cybersecurity Advisory detailing the tactics, techniques, and procedures (TTPs) of the BianLian ransomware and data extortion group. This advisory, updated as of November 20, 2024, provides critical…

REMCOS Remote Control & Surveillance Software

What Is Remcos?

Also known as: RemcosRAT, Remvio, Socmer

Actor(s): APT33, The Gorgon Group, UAC-0050

Remcos (short for Remote Control and Surveillance) is a commercial system administration application for XP and newer versions of Windows that threat actors have weaponized. Remcos is a closed-source application designed for network maintenance, system monitoring, surveillance, and penetration testing, but attackers use it to…