Over the past thirty days, the Ankura Cybersecurity team has worked with clients to solve cybersecurity challenges involving recent cyber mercenary threat activity, coordinated government crackdowns on ransomware operations and affiliates, and a new open-source fuzz-testing Google tool that will allow developers, administrators, and security personnel to find vulnerable software bugs more efficiently.
Void Balaur: A Cyber Mercenary Case Study
Trend Micro unveiled research on threat actor Void Balaur, a long-running cyber mercenary group of likely Russian origin. The group appears to be connected to social engineering and hacking attacks against high-profile targets, financially motivated attacks across several sectors, and trafficking sensitive information from Russian databases.
GoldDust Arrests Individuals Tied to Ransomware
Law enforcement agencies from several countries combined their intelligence efforts to form a joint investigation team named “GoldDust” to combat ransomware and track down hackers belonging to the infamous group REvil. Recently, U.S. law enforcement arrested individuals involved with REvil and GandCrab as a result of this effort.
U.S. Sanctions Ransomware-Affiliated Crypto Exchanges
In an effort to combat ransomware threats, the Biden administration has started issuing sanctions intended to stop businesses in the U.S. from being able to trade or financially transact with a country or organization, essentially breaking the flow of capital to the criminal organizations behind the ransomware groups.
Google Unveils New Fuzz-Testing Tool
Fuzzing is an essential tool threat actors use to flood a victim application with junk data to find an exploitable bug. Google’s new open-source tool Clusterfuzzlite integrates fuzz-testing into the software development workflow, allowing software developers to quickly and efficiently catch bugs that would slip through most manual checks and review pre-release.
Read more by downloading our full November Cyber Threat Intelligence Bulletin below.
© Copyright 2021. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.