At a glance.
- CISA warns of Iranian cyber activity.
- Threat actors have their insider threats, too.
- 2K Games Support compromised to spread malware.
- Noberus: a successor to Darkside and BlackMatter ransomware.
- A GRU campaign masquerades as Ukrainian telecommunications providers.
CISA warns of Iranian cyber activity.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint warning with the FBI outlining the conduct of the cyber campaign Iran waged earlier this month against Albania. The warning includes recommended protections and mitigations should the campaign spill over to targets outside Albania. Listen to CISA's warning on the CyberWire.
Threat actors have their insider threats, too.
The builder for LockBit's new encryptor, version 3.0 or "LockBit Black," released just this past June in the criminal-to-criminal market, has been leaked online, BleepingComputer reports. Researcher "3xp0rt" tweeted early this morning that "Unknown person @ali_qushji [which account has been temporarily restricted due to 'unusual activity'] said his team has hacked the LockBit servers and found the possible builder of LockBit Black (3.0) Ransomware." After 3xp0rt's tweet, VX-Underground reported that they were contacted on September 10th by a user named "protonleaks," who at that time had shown them a copy of the builder. It's unclear whether protonleaks and ali_qushji are one person or two people, or whether perhaps their name is really legion. LockBit reached out to VX-Underground to deny that they had been hacked, saying instead that the leak was the work of a disgruntled developer unhappy with LockBit's leadership.
Kaspersky has a useful overview of LockBit that includes the ransomware-as-a-service group's history and some observations about its place in the C2C market. CyberWire Pro has more on this most recent incident.