How Flashpoint Shaped the News: A Year of Blogs and Press
This blog is part of our 2022 Year In Review, an intelligence retrospective highlighting the most significant trends of the past year—plus insight into 2023.
This year, Flashpoint intelligence analysts worked with reporters at a wide range of publications serving audiences across the private and public sectors. Their expertise, along with many of the 150 new blogs we published in 2022, was featured in The Wall Street Journal, Axios, The Washington Post, WIRED, The Financial Times, Bloomberg, Dark Reading, ThreatPost, Bleeping Computer, and many other news outlets, linked below, that produce the journalism you read daily.
We’ve organized a list of some of the most important Flashpoint blogs and press clippings from the year that was. Together, they illustrate Flashpoint’s intelligence, innovations, and impact in helping organizations tackle a wide variety of cyber and physical security challenges.
Contributing to the vulnerability intelligence landscape
Discovering new vulnerabilities
Amid numerous reports by federal cybersecurity agencies that Advanced Persistent Threats (APTs) were targeting vulnerable network routers and devices, our in-house vulnerability research team discovered two critical vulnerabilities affecting NetModule Router Software (SC Magazine).
Shedding light on newly disclosed zero-days and other critical vulnerabilities
2022 brought a steady stream of new vulnerabilities. When an issue catches the attention of the media, or of threat actors themselves, security teams often struggle to triage it, because actionable details are rarely available in CVE at the time of disclosure. We therefore published analysis to clear the air on several in-demand vulnerabilities, including SpringShell (VentureBeat), Text4Shell (The Hacker News), and the zero-days affecting Microsoft Exchange Server (The Record).
Security teams that already struggle with their workloads need a comprehensive source of vulnerability intelligence. It is also paramount that organizations understand how CVE's passive approach to vulnerability aggregation, which waits for issues to be reported rather than seeking them out, leaves their teams without timely, actionable detail.
Tracking illicit marketplaces and threat actor activity
Earlier this year we observed that Raid Forums, a popular illicit online community notorious for high-profile, large-scale database leaks, was suddenly seized by an unknown party. Raid Forums had run unimpeded since 2015, yet at the time no government agency or rival cyber threat group had claimed responsibility for taking down the domain. Three weeks later, Breach Forums took Raid Forums' place and is now poised to become its successor.
Before its shutdown in 2017, Alphabay was considered one of the most popular darknet marketplaces, selling a wide array of illicit and illegal goods and services. It has since returned to its former prominence, with plans to innovate. One year after its reemergence, we laid out what we saw and what we believe will come next for Alphabay Market. Our Alphabay-related intelligence research was featured in WIRED, among other outlets.
APTs, threat actors, and ransomware groups have been quite prolific this year, but so have we—our analysts have been hard at work detailing their illicit activities.
Among many threat actor groups, LAPSUS$ made serious headlines this year. Initially targeting Latin American and Portuguese organizations in 2021, LAPSUS$ has since broadened its scope, successfully breaching well-known organizations such as Nvidia, Microsoft, and Okta. Despite the sophistication of these attacks, there were rumors that the group was led by, or included, teenagers (Bloomberg), a theory that Flashpoint analysts helped to corroborate.
On September 18, a threat actor named "teapotuberhacker" posted on an online forum claiming to have hacked Rockstar Games, the creator of the popular and controversial Grand Theft Auto (GTA) video game series. Our analysts quickly noted that several sources in monitored illicit channels had tied teapotuberhacker to the recent Uber hack, and also stated that he was a member of LAPSUS$ and a minor. For the aftermath of our findings, see the follow-up stories in The CyberWire, The Hacker News, and ITWorldCanada.
Cyber meets kinetic: Russia’s invasion of Ukraine
Before Russian troops invaded Ukraine, there was a trail of cyber intelligence pointing toward a potential conflict. Two days before the war, US intelligence noted that Russia had gathered 190,000 soldiers along the Ukrainian border. At that time there were no visible signs of fighting between the two nations, but our analysts observed that much of the "action" was already taking place on the internet, as both Ukrainian nationalists and Russian-aligned groups raced to recruit people to their causes, with cybercriminal groups also joining the fray.
When Russia invaded Ukraine, we offered free access to our intelligence to the countries and organizations affected by the crisis. The Cybersecurity and Infrastructure Security Agency (CISA) saw increased activity from Russian APTs, and its Shields Up campaign, backed by President Biden, urged organizations to harden their defenses, further highlighting the need for detailed vulnerability intelligence. As the war continued, we saw the Conti ransomware group declare its allegiance to Russia, as did other groups such as Killnet, which partnered with other actors on "judgment day" to bombard Lithuania with relentless DDoS attacks.
Since the war is ongoing, there will be more updates and more stories to cover. To keep up to date on Flashpoint's coverage of the Russia-Ukraine war, bookmark our Timeline of Russia's Invasion of Ukraine: Cyber and Physical Warfare post, which is continually updated with the latest news.
Stay informed with Flashpoint
There is something new happening every day, and the incessant noise can make it hard for security teams to protect their organizations effectively. The analysts and writers at Flashpoint are therefore dedicated to providing you with details and updates on the most important threat-related events you need to be aware of. To stay in the know, bookmark our Threat Intel Blog. Sign up for a free trial to gain access to Flashpoint's best-in-class threat and vulnerability intelligence.