How Flashpoint Shaped the News: A Year of Blogs and Press
This blog is part of our 2022 Year In Review, an intelligence retrospective highlighting the most significant trends of the past year—plus insight into 2023.
This year, Flashpoint intelligence analysts worked with reporters at a wide variety of publications serving a variety of audiences across the private and public sectors. Their expertise—along with many of the 150 new blogs we published in 2022—was featured in The Wall Street Journal, Axios, The Washington Post, WIRED, The Financial Times, Bloomberg, Dark Reading, ThreatPost, Bleeping Computer, and many other news outlets, linked below, that produce the journalism you read daily.
We’ve organized a list of some of the most important Flashpoint blogs and press clippings from the year that was. Together, they illustrate Flashpoint’s intelligence, innovations, and impact in helping organizations tackle a wide variety of cyber and physical security challenges.
Contributing to the vulnerability intelligence landscape
Discovering new vulnerabilities
Amidst numerous reports by Federal cybersecurity agencies that Advanced Persistent Threats (APTs) were targeting vulnerable network routers and devices, our in-house vulnerability research team discovered two critical vulnerabilities affecting NetModule Router Software (SC Magazine).
Organizations Deploying NetModule Router Software May Be Vulnerable to Exploitation
Flashpoint’s vulnerability research team discovers new vulnerabilities, working closely with vendors and customers to ensure that these issues are addressed.
Shedding light on newly disclosed zero-days and other critical vulnerabilities
2022 introduced many new vulnerabilities. However, when new issues catch the attention of the media or threat actors themselves, security teams often struggle to triage them—since actionable details are not often available yet in CVE, at time of its disclosure. As such, we made sure that we helped clear the air for several in-demand vulnerabilities such as SpringShell (VentureBeat), Text4Shell (The Hacker News), and the zero-days affecting Microsoft’s Exchange Server software (The Record).
Security teams that often struggle with their workloads need a comprehensive source of vulnerability intelligence. It is also paramount that organizations understand how CVE’s passive approach to vulnerability aggregation negatively impacts their teams:
Why the Full Vulnerability Intelligence Picture Depends on Data Beyond CVE and NVD
If your risk models are missing one-third of all known vulnerabilities, are they effective?
Tracking illicit marketplaces and threat actor activity
Earlier this year we observed that Raid Forums, a popular illicit online community notorious for its high-profile large-scale database leaks, was suddenly seized by an unknown identity. Raid Forums had run unimpeded since 2015, however, no official government agency or other cyber threat groups had claimed responsibility for shutting down the domain. Three weeks later, Breach Forums took Raid Forum’s place and is now poised to become its successor.
Breach Forums Is Marketing Itself as a Raid Forums Successor
After about three weeks after Raid Forums was seized, a threat actor launched an alternative illicit hacking community called Breach Forums.
Follow the story on TechTarget, PC Magazine, and the Hacker News.
Before Alphabay’s shutdown in 2017, it was considered one of the most popular darknet marketplaces—selling a wide array of illicit and illegal goods and services. Now, it is back to its former glory with plans to innovate. One year after its reemergence, we laid out what we saw and what we believe will come next for Alphabay Market. Our Alphabay-related intelligence research was featured in WIRED, among other outlets.
AlphaBay Turns 1—Again: Analyzing the Impact of AlphaBay Market
One year into its reemergence, AlphaBay has become one of the largest illicit marketplaces on the darknet.
APTs, threat actors, and ransomware groups have been quite prolific this year, but so have we—our analysts have been hard at work detailing their illicit activities.
Among many threat actor groups, LAPSUS$ made serious headlines this year. Initially targeting Latin American and Portuguese organizations in 2021, LAPSUS$ has since broadened their scope, successfully breaching well-known organizations such as Nvidia, Microsoft, and Okta. Despite the sophistication of these attacks, there were rumors that the group was possibly led by, or had, teenagers in their ranks (Bloomberg)—a theory that Flashpoint analysts helped to corroborate.
What We Know About the ‘Grand Theft Auto VI’ Data Breach
This data breach adds to the growing list of cyberattacks experienced by organizations in the gaming industry.
On September 18, a threat actor named “teapotuberhacker” posted on an online forum claiming to have hacked Rockstar Games, the creator of the popular and controversial Grand Theft Auto (GTA) video game series. Our analysts quickly took note that several sources in monitored illicit channels had tied teapotuberhacker to the recent Uber hack, also stating that he was a member of LAPSUS$—and a minor. Read the aftermath of our findings by reading The CyberWire, The Hacker News, and ITWorldCanada’s follow-up stories.
Cyber meets kinetic: Russia’s invasion of Ukraine
Before Russian troops invaded Ukraine, there was a trail of cyber intelligence seemingly leading to a potential conflict. Two days before the war, US intelligence noted that Russia had gathered 190,000 soldiers along the Ukrainian border. At that time there were no visual signs of fighting between the two nations, our analysts observed that much of the “action” was taking place on the internet as both Ukrainian nationalists and Russian-aligned groups raced to recruit people for their causes—with cybercriminal groups also joining the fray.
When Russia declared war on Ukraine, we offered free access to our intelligence helping the countries and organizations who would be impacted by the crisis. The Cybersecurity Infrastructure and Security Agency (CISA) saw increased activity from Russian APTs, and in response President Biden announced the Shields Up campaign—further highlighting the need for detailed vulnerability intelligence. As the war continued we saw the Conti ransomware group declare their allegiance to Russia, in addition to other groups such as Killnet—who would partner together on “judgment day”—where they bombarded Lithuania with relentless DDoS attacks.
Our analysts are continually monitoring the crisis, and have observed the digital ripple effect that the war has had on Russia’s black market and its cybercriminal underground:
Since the war is ongoing, there will be more updates and more stories to cover. To keep up to date on Flashpoint’s coverage of the Ukraine-Russian war, bookmark our Timeline of Russia’s Invasion of Ukraine: Cyber and Physical Warfare post which is continually being updated with the latest news:
Timeline of Russia’s Invasion of Ukraine: Cyber and Physical Warfare
A collection of Flashpoint coverage of the Russia-Ukraine War, from cyber attacks on infrastructure to illicit financing of mercenary groups.
Stay informed with Flashpoint
There is something new happening everyday and the incessant noise can make it hard for security teams to protect their organizations effectively. Therefore, the analysts and writers at Flashpoint are dedicated in providing you details and updates for the most important threat-related current events you need to be aware of. To stay in-the-know, bookmark our Threat Intel Blog. Sign up for a free trial to gain access to Flashpoint’s best-in-class threat and vulnerability intelligence.