Serving the security and intelligence community
We’re starting the year off right with a look at our Top 10 Collective Intelligence Reports from 2021. These reports, produced by Flashpoint intel analysts, cover a wide spectrum of illicit online activity, including ransomware groups, threat actor TTPs, physical security threats, and more.
To gain access to the below reports, in addition to future Collective Intelligence Reports, click here to subscribe (it’s free!). As always, it’s been an honor to be the most trusted intelligence source serving the security and intelligence community, and we look forward to continuing to do so in 2022.
What Our Subscribers Loved: The Top 10 Collective Intelligence Reports of 2021
Methods of Bypassing Two-Factor Authentication (2FA)
Our analysts observed moderate levels of threat actor interest in tools and techniques, including phishing and mobile malware to intercept SMS communications, cross-site scripting, session sniffing, and man-in-the-middle attacks. As more programs and devices begin to rely upon 2FA for authentication, threat actors will likely continue to discuss logical and technical methods to obtain one-time passwords (OTP). In this report, readers learn about each attack method and the best defense against it.
N3tw0rm Ransomware Group
“N3tw0rm” is a new ransomware campaign that began operations on April 28, 2021. The group infected computer systems and obtained access to over 9 GB of data belonging to the Israeli logistics firm Veritas Logistics Ltd. This report details the group’s tactics, techniques, and procedures.
“Atomwaffen Division” Reactivates
On November 8, 2021, the neo-Nazi accelerationist group “Atomwaffen Division” (AWD) issued two statements declaring that the group is now active again and that it is no longer associated with neo-Nazi figure and author James Mason or AWD cofounder Brandon Russell. This is the first announcement from the group since it allegedly disbanded last year.
Chat Logs Expose “III% Security Force” Members’ Violent Posts and Online Evasion Tactics
Discord chat logs of the group “III% Security Force” were made public by the media organization Unicorn Riot. The logs (dating from January to April 2021) reveal members of the group—a subset of the broader “Three Percenter” movement—making explicitly violent posts. This follows the movement that progressed over the past couple of months.
Relaunch of Cybercriminal Market AlphaBay
After AlphaBay Market was taken down by law enforcement in July 2017, former admin “DeSnake” announced on Aug. 6, 2021, that the market had been relaunched. AlphaBay was formerly one of the most popular and comprehensive darknet marketplaces, selling a wide array of illicit and illegal products and services. This research highlights how the AlphaBay relaunch will differ from its predecessor.
Related reading: What’s Old is New Again: AlphaBay Re-emerges
The Iran-Israel Shadow War
Tensions reached new heights between Iran and Israel over Iran’s nuclear program as Iran continues to enrich uranium to dangerously high levels. As a result, both sides have been engaging in hidden-hand operations and asymmetric warfare designed to counter each other’s objectives. Flashpoint analysts break down the tension between Iran and Israel and take a deep dive into the conflicts.
REvil Ransomware and Threat Actor Group
“REvil” ransomware has been observed targeting organizations since April 25, 2019. The following report explores how REvil came to be, offers insights into each notable campaign by the group, and provides an up-to-date technical analysis of the ransomware.
Avaddon Ransomware and Threat Actor Group
This report covers how Avaddon engages in double-extortion ransomware tactics in order to maximize pressure on victims to pay the ransom. The Flashpoint team summarized Avaddon’s emergence, operations, tactics, and attacks.
Related reading: After Ransomware Ads Are Banned On Cybercrime Forums, Alternative Platforms Being Used to Advertise and Recruit
Credential and Information-Stealing Malware
This type of malware generally consists of functions to steal information from browsers and FTP software, cryptocurrency wallet files, VPN session information from applications, and browser data consisting of history, cookies, passwords, and credit card data entered into websites. This report breaks down different types of malware families in detail and how they surface in deep and dark web marketplaces.
“IcedID” Attacks and Evolving Ransomware
With an increase in activity by the “IcedID” trojan over this past year, this report walks you through IcedID’s background and attack strategies so that you and your organization can remain one step ahead. Flashpoint analysts detail the multiple campaigns initiated by IcedID that infected victim hosts.
Come and Get Your Intel
These are just a few examples of the reports our analysts release on an ongoing basis. To receive the full reports described above via email, you can subscribe to our Collective Intelligence Reports here.
If you have any questions, simply reach out to us via [email protected]. Or, if you’d like to get full access to these reports and others, we are offering a free trial of our intelligence platform. You can request yours here.
2022, here we go!