DECRYPTION THE RISE OF INITIAL ACCESS BROKERS As seen in the underground economy edition, the cybercriminal economy relies on the professionalization and specialization of its system. Among the main actors of this ecosystem, such as the Bullet Proof Hoster or…
TECH FOCUS SysJoker: Windows Version To produce this tech focus, we used data from: New SysJoker Backdoor Targets Windows, Linux, and macOS - Intezer CERT-W: FROM THE FRONT LINE The First Responder Word Reading Of The Month To learn more about…
THE ROLE OF DECRYPTION TOOL AGAINST THE RANSOMWARE THREAT The ransomware threat is increasing continuously and is now considered a national threat for countries, such as the US, France, or the UK. Last summer, the Virtual System Administrator (VSA) edited…
FOCUS TECH File Obfuscation Discover Cobalt Strike capabilities with the technical zoom of the month: To learn more about the given malwares: Cobalt Strike Training videos CERT-W: FROM THE FRONT LINE The First Responder Word We recommend the 2021 Benchmark…
DECRYPTION The underground economy of the ransomware In recent years the products of the underground economy have evolved quickly. Cyber criminals now offer services for others to purchase, the most popular being: Ransomware-as-a-service (RaaS). Let’s pretend you are a hacker…
DECRYPTION CYBER CRIMINAL NETWORK DISMANTELING The last 6 months, large-scale coordinated international actions have dismantled several of the biggest cybercriminal networks such as Emotet, Netwalker, Egregor or even Cl0p. Let’s have a closer look at some of them. What is Emotet?…
Monthly indicators TOP ATTACK Two French hospital under ransomware attacks Ransomware attacks struck two French hospital groups in less than a week, prompting the transfer of some patients to other facilities but not affecting care for Covid-19 patients or virus…
Monthly indicators TOP ATTACK SolarWinds aftermaths On the 11th of January, a website presumably owned by the actors behind the SolarWinds breach has surfaced, claiming to be selling data obtained using the SolarWinds backdoor. The site, using the domain solarleaks.net,…
Monthly indicators TOP ATTACK The massive SolarWind hack Russian SVR Hackers have been romping through some 18,000 of SolarsWinds' Origin customer servers using the SUNBURST malware installed via a backdoored update server. FireEye, Microsoft and GoDaddy believe the avsvmcloud domain…
Indicateurs du mois TOP ATTACK LE GOUVERNEMENT BRESILIEN SE REMET DE LEUR "PIRE" ATTAQUE Après avoir été touché, le 3 novembre, par la plus sévère de toutes les attaques orchestrées contre une institution publique brésilienne, le Tribunal Supreme de Justice…
