CYBER THREAT INTELLIGENCE BLOG

Fake Ransomware - The New Cyber Deceit blog

New Phone, Who Dis? The Importance of Verifying Threats in the Age of Fake RaaS

They say imitation is the sincerest form of flattery. If that’s the case, some ransomware-as-a-service (RaaS) threat actors must be feeling seriously good about themselves lately.  With ransomware operations hitting the headlines, and the global cost of ransomware damage predicted to hit $231B by 2031, threat actors are increasingly creating fake operations, often leveraging the fame of other actors to get more attention to their own activities in order to get a slice of the action.
Blog I-Soon image

I-Soon leak: KELA’s insights

On February 16, 2024, a repository titled “I-S00N” was uploaded to Github, allegedly intended to expose insider information about I-Soon (Anxun Information Technology Co., 安洵信息技术有限公司,i-soon[.]net), a Chinese technology company in the cybersecurity field. The dump may indeed be a breach of I-Soon and contains documentation related to the company’s products, including spyware and offensive tools and services. AP News reported that two anonymous employees of I-Soon confirmed that the leak originated from the company. However, the cause and the leaker are still unclear.  KELA acquired and analyzed the leaked data. This blog outlines the most interesting insights, such as the structure of the leak, clients and potential targets of I-Soon, the company’s connection to advanced persistent threats (APTs), and discussions about zero-day vulnerabilities.  
Russia-Ukraine war: pro-Russian hacktivist activity two years on

Russia-Ukraine war: pro-Russian hacktivist activity two years on

It has been two years since Russian forces invaded Ukraine. The war is not only being fought on the ground, but also in cyberspace. Russian state-sponsored APT groups have been observed targeting Ukrainian entities, including government organizations and telecommunication companies. Moreover, the Ukrainian government has also been observed claiming to have conducted attacks against Russian organizations.

From Data Leaks to Bot-led Takeovers: Understanding Leaked Credentials vs Compromised Accounts

If we had a nickel for every time someone asked us the difference between leaked credentials and compromised accounts… Well, we’d be able to treat the team to a packet of Oreos one of these days. Why does it matter? Well, according to CISA, 54% of cyberattacks involve the use of valid accounts. As a result, understanding the risk of compromised accounts and leaked credentials is critical.  This article tackles the terms head-on, and discusses how threat actors get their hands on sensitive account details, diving deep into the different types of vulnerability and what they mean for protecting your organization.
2024 in Cybercrime_ KELA Predictions

2024 in Cybercrime: KELA Predictions

While some cybercriminals are on their holiday vacations (yes, we observed zero new ransomware victims on New Year’s Eve), the lull won’t continue long. Ahead of the new battles of 2024, KELA elaborates on the most expected trends in cybercrime for this year.

Your Compromise Is Confirmed: How Threat Actors Access Hotel Accounts on Booking.com

Over the last few months, several phishing campaigns were spotted using compromised credentials of hotels and homeowners. Particularly interesting is a widespread operation that employs these credentials to contact guests on Booking.com via their internal messenger (1, 2, 3, 4). In a fraudulent message, the attackers impersonate a hotel and lure victims into visiting a malicious phishing page designed to steal their credit card details.

5 Questions About Hamas-Israel War

As we approach the end of 2023, the Hamas-Israel war still rages on, and so do cyberattacks accompanying it. KELA selected 5 questions out of those we’ve been asked by our clients and partners (aside from “how are you?”) in the past 70+ days, and represent the cybersecurity angle of a physical war.