At a glance.
- Royal ransomware analyzed.
- PaperCut vulnerability detection methods can be bypassed and Iranian threat actors have joined the fray.
- Man-in-the-middle phishing attacks are on the rise.
- A new wave of BEC attacks.
- Recent Russian cyberattacks against Ukraine.
Royal ransomware analyzed.
Palo Alto Networks Unit 42 has analyzed Royal ransomware. The gang responsible has been in operation since at least September of last year and is made up of Conti group alumni. They have been actively targeting infrastructure, with specific attention to healthcare. Most recently, they were seen targeting the city of Dallas, Texas, the most prominent victim among a series of attacks on local government entities in the United States and Europe. Since Royal was discovered last year, the gang has claimed responsibility for leaks from 157 organizations on its site. They were also observed to have hit fourteen organizations within the education sector, some as recently as this month. The researchers say that Royal enters through a “BATLOADER infection, which threat actors usually spread through search engine optimization (SEO) poisoning. This infection involves dropping a Cobalt Strike Beacon as a precursor to the ransomware execution.”