At a glance.
- The Atlas Intelligence Group as a cyber-mercenary talent broker.
- EvilNum and the threat to financial institutions.
- Phishing through a PayPal account.
- LAPSUS$'s career considered.
- Spearphishing in Ukraine.
- US CYBERCOM releases IOCs from Ukrainian networks.
A criminal talent broker.
Cyberint reports that it has discovered an emerging threat group, the Atlas Intelligence Group, also known as the Atlantis Cyber-Army. Atlas is unusual in its recruitment of “cyber-mercenaries” to do specific jobs for campaigns known only to the administrators. The group has been operating and growing since May of this year, advertising in Telegram markets and on its own dedicated Telegram accounts. Its customers access its services through an e-commerce store hosted on the Sellix platform.
One “Mr. Eagle,” who presents himself as the group’s leader, has advertised Atlas Intelligence Group’s variety of services, which include exclusive data leaks, distributed denial-of-service (DDoS) campaigns for hire, RDP attacks, and initial access. The group suggests in its advertising that it has connections with corrupt law enforcement personnel in Europe, but such claims, of course, are difficult to verify. “Most of their databases for sale are government related,” Cyberint says, “while access to RDP clients and webshells that are being sold, mostly belong to organizations from the finance, education and manufacturing industries.”
The permanent staff includes Mr. Eagle and perhaps four admins. They're engaged, fundamentally, in outsourcing, acting as recruiters and brokers for the talent that actually delivers the illicit services: rogue pentesters, social engineering specialists, and malware developers.
The Atlas Intelligence Group has been seen to target countries around the world, including the US, Pakistan, Israel, Colombia, and the United Arab Emirates. Cyberint doesn’t say who buys from Atlas. Calling them “mercenaries” suggests that their clientele may be states, but then criminal gangs bring in hired guns as well. (A note on naming: Atlas Intelligence Group is referred to in some reports as “AIG,” and is not to be confused with the large and legitimate insurance and financial services company American International Group.)