Analyzing leaked internal communication logs, security researchers are piecing together how one of the most notorious ransomware groups infiltrates its victims. Black Basta, one of the most successful ransomware groups of the past several years, recently suffered a major leak of its internal communications. The logs give a glimpse into the group's playbook and its preferred methods for gaining initial access to victim networks.

“Key attack vectors used by Black Basta include scanning for exposed RDP [remote desktop protocol] and VPN services — often relying on default VPN credentials or brute-forcing stolen credentials to gain initial access — and exploiting publicly known CVEs when systems remain unpatched,” researchers from patch management firm Qualys wrote in an analysis of the leaked logs.
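The access pattern Qualys describes, credential brute force and default-credential guessing against exposed RDP and VPN services, is something a defender can spot in authentication logs. The following is an added example written for this page, not code from Qualys, CSO Online or the leaked Black Basta material. It parses a constructed, hypothetical log format (one line per login attempt) and runs a sliding-window detector that flags three things: a burst of failures from one source, a password spray (one source trying many usernames), and the high-fidelity case of a success arriving right after a burst of failures, which is what a successful brute force of a stolen or default credential looks like. The thresholds and window are assumptions to tune for your environment.

```python
"""Sliding-window detection of credential brute force and password spraying
against RDP/VPN logins. Example code; the log format below is constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Hypothetical format:
# "<ISO-8601 timestamp> <service> <FAIL|OK> user=<name> src=<ip>"
SAMPLE_LOG = """\
2025-02-20T08:00:01Z rdp FAIL user=administrator src=203.0.113.9
2025-02-20T08:00:05Z rdp FAIL user=administrator src=203.0.113.9
2025-02-20T08:00:09Z rdp FAIL user=administrator src=203.0.113.9
2025-02-20T08:00:13Z rdp FAIL user=administrator src=203.0.113.9
2025-02-20T08:00:17Z rdp FAIL user=administrator src=203.0.113.9
2025-02-20T08:00:21Z rdp OK user=administrator src=203.0.113.9
2025-02-20T09:00:00Z vpn FAIL user=alice src=198.51.100.7
2025-02-20T09:00:10Z vpn FAIL user=bob src=198.51.100.7
2025-02-20T09:00:20Z vpn FAIL user=carol src=198.51.100.7
2025-02-20T09:00:30Z vpn FAIL user=dave src=198.51.100.7
2025-02-20T10:00:00Z vpn FAIL user=erin src=192.0.2.5
2025-02-20T10:00:30Z vpn OK user=erin src=192.0.2.5
this line is not an auth record and is skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<svc>rdp|vpn) "
    r"(?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_auth_log(text):
    """Parse log text into (timestamp, service, result, user, src) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an auth record; ignore
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["svc"], m["result"], m["user"].lower(), m["src"]))
    events.sort()
    return events


def detect_credential_attacks(events, window=timedelta(minutes=5),
                              fail_threshold=5, spray_users=3):
    """Return alerts for brute force, password spray, and success-after-failures.

    One alert per (source, service, type) so a long-running attack does not
    flood the output. Thresholds are assumptions; tune them to your baseline.
    """
    recent_fails = defaultdict(deque)  # (src, svc) -> deque of (ts, user) inside window
    fired = set()                      # ((src, svc), type) already alerted
    alerts = []

    def alert(kind, key, ts, q):
        if (key, kind) in fired:
            return
        fired.add((key, kind))
        alerts.append({
            "type": kind, "src": key[0], "service": key[1],
            "time": ts.isoformat(), "failures": len(q),
            "users": sorted({u for _, u in q}),
        })

    for ts, svc, result, user, src in events:
        key = (src, svc)
        q = recent_fails[key]
        while q and ts - q[0][0] > window:  # evict failures older than the window
            q.popleft()
        if result == "FAIL":
            q.append((ts, user))
            if len(q) >= fail_threshold:
                alert("bruteforce", key, ts, q)
            if len({u for _, u in q}) >= spray_users:
                alert("password_spray", key, ts, q)
        elif len(q) >= fail_threshold:
            # A success right after a burst of failures: a guessed credential worked.
            alert("success_after_failures", key, ts, q)
    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect_credential_attacks(parse_auth_log(SAMPLE_LOG))


if __name__ == "__main__":
    for a in run_sample():
        print(a)
```

On the sample, the RDP source trips the brute-force alert on its fifth failure and then the success-after-failures alert when the sixth attempt succeeds; the VPN source trips the spray alert once three distinct usernames fail from it; the single typo-then-success from 192.0.2.5 produces nothing. For production use, feed it Windows 4625/4624 events or your VPN concentrator's auth log after normalising them to the same tuple, and treat success-after-failures as the alert to page on.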

Meanwhile, cyber threat intelligence firm KELA has observed correlations between the roughly 3,000 unique credentials present in the leaked logs and previous data dumps from infostealing malware, suggesting ties to other threat groups that collect and then sell such data.

Stay updated with SOC News for cutting-edge security innovations and expert industry insights!

Source : https://www.csoonline.com/article/3836040/ransomware-access-playbook-what-black-bastas-leaked-logs-reveal.html

The federal government views the defendant as a flight risk and danger to the community due to his ability to access sensitive and private information.

The US Army soldier arrested for unlawful transfer of confidential phone records told a federal judge he intends to plead guilty to the charges.

Cameron John Wagenius, who went by the online alias “Kiberphant0m,” was involved in the Snowflake hacking campaign alongside Connor Riley Moucka, known as “Judische,” who was arrested in October 2024.

Wagenius was arrested after infiltrating 15 telecommunications providers while on active military duty. He then reportedly published the stolen AT&T call logs of high-ranking officials like President Donald Trump and former Vice President Kamala Harris on Dark Web forums.

Now, Wagenius has admitted to his crimes in court and is showing a willingness to enter a guilty plea, though the prosecution argues that Wagenius is a flight risk and a danger to the community due to his ability to access sensitive data.


Source : https://www.darkreading.com/cyber-risk/us-soldier-admits-hacking-15-telecom-carriers

Adversaries like the group being tracked as Storm-2139 are already finding ways to bend and break guardrails around generative artificial intelligence (GenAI) services, and Microsoft is pushing back with a name-and-shame campaign intended to break up their little cybercrime party.

Microsoft’s digital crimes unit named four men — Iranian Arian Yadegarnia, Alan Krysiak from the UK, Hong Kong’s Ricky Yuen, and Phát Phùng Tấn from Vietnam — who were selling unauthorized access to Azure AI services along with step-by-step instructions for generating titillating images of celebrities and others.

“This activity is prohibited under the terms of use for our generative AI services and required deliberate efforts to bypass our safeguards,” said Steven Masada, assistant general counsel of Microsoft’s digital crimes unit, in a statement. “We are not naming specific celebrities to keep their identities private and have excluded synthetic imagery and prompts from our filings to prevent the further circulation of harmful content.”

Microsoft filed a lawsuit against the group members last month and was able to seize a website behind the operation, Masada explains. Subsequently, Microsoft attorneys were “doxed,” having personal information posted publicly in retaliation.

Microsoft is responding with an amended complaint along with the public naming of those it believes are behind the activity, a form of abuse known as LLMjacking.


Source : https://www.darkreading.com/application-security/microsoft-openai-hackers-selling-illicit-access-azure-llm-services