February 25, 2022

TrickBot developers move to stealthier malware after TrickBot malware operation shuts down

On Thursday 24th of February 2022, the TrickBot malware operation is believed to have shut down after it was reported that its core developers had moved to the Conti ransomware gang to focus development on the other malware families which Conti has in its operations. TrickBot has been a key Windows malware which has been part of the threat landscape […]
February 25, 2022

Cyber threat groups pick sides over Russia’s invasion of Ukraine

The week of the 21st of February 2022 has seen threat actor groups announce their support in relation to Russia’s invasion of Ukraine. One of the first announcements was from an administrator of Raidforums, one of the largest clearnet hacking forums, who announced that the forum was blocking all Russian IPs and therefore blocking any users connecting […]
February 21, 2022

Expeditors forced to shut down global operations after possible ransomware attack

On Sunday 20th of February 2022, Expeditors, a Seattle-based logistics and freight forwarding company, announced they had experienced a cyber-attack which resulted in Expeditors having to shut down most of their operations worldwide. This has led to limitations to their freight, customs and distribution activities which could lead to their clients’ shipments being delayed. Due to the significant impact of […]
February 21, 2022

Data breach announced by US’s largest cookware giant Meyer

On Tuesday 15th of February 2022, Meyer Corporation, the largest cookware distributor in the United States of America, informed US Attorney General offices of a data breach because of a cyber-attack against the corporation back in October 2021. It is believed that the corporation became a target for a cyber-attack on October 25, 2021, and therefore in response, they launched […]
February 14, 2022

FBI releases joint Advisory with U.S. Secret Service against BlackByte ransomware

On Friday 11th of February 2022, the US Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory with the U.S. Secret Service (USSS) about indicators of compromise associated with BlackByte ransomware. The joint advisory alert details indicators of compromise (IOCs) from previous BlackByte ransomware attacks which organisations can use to detect and defend against future BlackByte attacks. The joint […]
February 14, 2022

Japanese sports brand Mizuno experiences system outages from possible ransomware attack

On Tuesday 8th of February 2022, Mizuno, a Japanese sports equipment and sportswear company with locations throughout Asia, Europe, and North America, started to experience system outages involving phone outages and order delays. This is believed to be due to a ransomware attack on their US corporate network over the weekend of the 4th of February. Many customers have […]
February 13, 2022

NFL’s San Francisco 49ers experience a BlackByte ransomware attack

On Saturday 12th of February 2022, the BlackByte ransomware group announced that they had stolen data from the NFL’s San Francisco 49ers team during a ransomware attack. The 49ers have confirmed that they have experienced a cyber-attack which has resulted in disruptions in portions of their IT network. It is believed that the incident involved ransomware as the 49ers stated […]
February 10, 2022

US releases joint advisory warning organisations against observed behaviours and trends of ransomware operations from 2021

On Wednesday 9th of February 2022, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) released a joint cybersecurity advisory where they warned of an increased globalized threat of ransomware as the FBI, CISA, NSA, ACSC, and NCSC have […]
February 9, 2022

Egregor, Maze master decryption keys released by alleged developer

On Tuesday 8th of February 2022, the decryption keys for Maze, Egregor, and Sekhmet ransomware operations and the source code for the M0yv ‘modular x86/x64 file infector’ were leaked on the BleepingComputer forums by the alleged malware developer who went by the name of “Topleak” when leaking the keys. The user stated that this leak was planned and had no […]