VOICE ARCHIVE

@sophosxops

8 posts
2024-02-21
While the world digests what, precisely, the LockBit takedown this week entails and how much it's likely to kneecap the ransomware gang, we'd just like to point out how prevalent the family is - literally, what Conti was to 2021, LockBit was to 2023. 1/11
Bloomberg

Cybersecurity experts say that global law enforcement agencies dealt Russia-linked LockBit a major blow, but history shows that ransomware gangs regroup quickly

- Disruption of LockBit praised as major blow against gang  — History has shown that hackers regroup quickly, experts say

2023-11-11
From @SysAid's write up about active attacks attributed to Cl0p. “- Checks all running processes for any process beginning with the name “Sophos” [and only Sophos] and if found, exits. - If no matching processes are found, starts the user.exe malware.” https://www.sysaid.com/... [image]
BleepingComputer

Microsoft says the Clop ransomware group is exploiting a zero-day in IT support tool SysAid in “limited” attacks to access corporate servers and deploy Clop

blog post coming ASAP😜 Big thanks to @gleeda @HuskyHacksMK @DaveKleinatland @calebjstewart and the whole @HuntressLabs crew helping dig into this one! [image] @swiftonsecurity : I'...

2023-08-31
We've been looking into something interesting recently - research contests run on cybercrime forums, by threat actors and for threat actors. They work very much like CFPs for legitimate security conferences, but all the entrants are members of criminal forums. [image]
Wired

A look at cybercrime writing contests, which Russian-language cybercrime forums have hosted for over a decade, that offer the winners up to $80K in prize money

New analysis from Sophos, dives into these strange competitions. … X: @sophosxops : Some of the entries could definitely be of practical use to threat actors - we saw tutorials on ...

Aside from cash and recruitment, another motivation for entering is that winners get a lot of prestige and peer recognition, and both forums try to foster a sense of community through these contests.
2023-08-31

Some of the entries could definitely be of practical use to threat actors - we saw tutorials on hiding Cobalt Strike and evading Windows Defender - but others were more frivolous/impractical. There was definitely a reasonable amount of innovation though.
2023-08-31

Over on XSS, the latest contest was last year, with a wider range of suggested topics and a prize pool of $40,000. Both forums have rules and guidelines for submissions and for the last few years, prominent threat actors as sponsors (LockBit, All World Cards).
2023-08-31

We looked at the most recent contests on two prominent criminal forums: Exploit and XSS. Exploit's most recent competition (in 2021) focused on crypto and related technologies - with a total prize fund of $80,000 (not quite Pwn2Own money, but not pocket change either).
2023-08-31

2023-03-31
We have just updated our blog on the 3CX situation. Updated information includes: adding detail on affected versions, misuse of ffmpeg.dll, removal of malicious repository, comparison of PE shellcode loader to that used by Lazarus threat group... 1/2 https://news.sophos.com/...
BleepingComputer

Researchers say hackers have compromised the VoIP desktop client of 3CX's Phone System, used by 600K+ companies and 12M+ DAUs, in an ongoing supply chain attack

https://www.3cx.com/...  Any vendor of software and services that pull in code from NPM, PIP, RubyGems etc … Eitan Erez : This supply chain attack started unfolding not long ago as...