initial access broker – PossibleThreat Articles

The Active Adversary Playbook 2022

June 7, 2022 0 Comments active adversary, artifacts, attack tools, cobalt strike, Cryptomining, cyberattacks, cyberthreats, dwell time, Exploit, featured, initial access broker, malware delivery system, mitre, proxylogon, proxyshell, Ransomware, Ransomware as a Service, security operations, sophos rapid response, vulnerability

Credit to Author: Tilly Travers| Date: Tue, 07 Jun 2022 11:02:43 +0000

Cyberattacker behaviors, tactics and tools seen on the frontline of incident response during 2021

Security Sophos

Horde of miner bots and backdoors leveraged Log4J to attack VMware Horizon servers

March 29, 2022 0 Comments crypto mining, featured, horizon, initial access broker, log4j, threat research, vmware

Credit to Author: Gabor Szappanos| Date: Tue, 29 Mar 2022 11:26:28 +0000

In the wake of December 2021 exposure of a remote code execution vulnerability (dubbed “Log4Shell”) in the ubiquitous Log4J Java logging library, we tracked widespread attempts to scan for and exploit the weakness—particularly among cryptocurrency mining bots. The vulnerability affected hundreds of software products, making it difficult for some organizations to assess their exposure. One […]

MalwareBytes Security

Meet Exotic Lily, access broker for ransomware and other malware peddlers

March 18, 2022 0 Comments bazarloader, cve-2021-40444, exotic lily, initial access broker, spear phishing, spoofing, Threat spotlight

Credit to Author: Pieter Arntz| Date: Fri, 18 Mar 2022 22:58:48 +0000

Exotic Lily is the name given to a group of cybercriminals that specialized as an initial access broker, serving groups like Conti and Diavol ransomware.

The post Meet Exotic Lily, access broker for ransomware and other malware peddlers appeared first on Malwarebytes Labs.

Independent Krebs Security

Who is the Network Access Broker ‘Wazawaka?’

February 2, 2022 0 Comments 902228, abakan, abaza, Breadcrumbs, constella intelligence, cs-arena.org, darkside, ddosis.ru, devdelphi@yandex.ru, domaintools, flashpoint, initial access broker, kopyovo-a, lockbit, mikhail matveev, mikhail mix matveev, mix@devilart.net, mixfb@yandex.ru, Ne'er-Do-Well News, Ransomware, uhodiransomware, wazawaka

Credit to Author: BrianKrebs| Date: Wed, 12 Jan 2022 05:17:31 +0000

In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by Wazawaka, the handle chosen by a major access broker in the Russian-speaking cybercrime scene.