At a glance.
- Conti's brand appears to have gone into occultation (maybe for real, this time).
- Lockbit has now taken Conti's place as the biggest ransomware brand.
- Lithuania sustains a major DDoS attack.
- Iranian steel mill suspends production due to cyberattack.
- Bumblebee rising.
- Dark Crystal RAT described.
- Influence operations in the interest of national market share.
- SOHO routers under attack.
- YTStealer discovered, out and active in the wild.
- Most dangerous software weaknesses.
- Amunet as a case study in C2C market differentiation.
- C2C commodification extends to script kiddies.
- Killnet hits Norwegian websites.
- North Korea seems to have been behind the Harmony cryptocurrency heist.
- MedusaLocker warning.
Conti's brand appears to have gone into occultation (maybe for real, this time).
Conti seems to have retired, as a brand. BleepingComputer reports that the gang shut down its data leak and negotiation sites a week ago, and they seem to have remained down, at least for the rest of the week. Observers read this as the retirement of the brand, not the retirement (still less the reform) of the criminals behind it. "Some of the ransomware gangs known to now include old Conti members include Hive, AvosLocker, BlackCat, Hello Kitty, and the recently revitalized, Quantum operation," BleepingComputer writes. "Other members have launched their own data extortion operations that do not encrypt data, such as Karakurt, BlackByte, and the Bazarcall collective."
The gang's ARMattack campaign last November and December, short but intense, retrospectively looks like the brand's last big hurrah, except, of course, for its public declaration of adherence to Moscow's cause in Russia's war against Ukraine. Group-IB describes ARMattack as having hit some forty organizations in the US and elsewhere with noticeable effect.