The rapid and recent rise of cyber threat actor group Indonesian Cyber Jawa represents a pivot within the Indonesian cyber underground towards a more sophisticated attack toolkit from a relatively underrepresented underground criminal faction. The group is concentrating its defacement efforts on online retailers while simultaneously attempting to defraud targets in the same business vertical.
Vigilante wishes to highlight a threat actor or threat actor group on an exclusive Russian-language Dark Web forum that is currently advertising the Ransomware-as-a-Service (RaaS) known as “Smaug”. Although this type service is not entirely new, the Smaug RaaS platform is a particularly attractive option for lower-tier or unskilled cyber criminals to enter the Ransomware threat space, increasing the proliferation…
Vigilante wishes to highlight two more ransomware groups that have adopted the Maze Team model of extorting their victims to pay: NetWalker and Ako. Under the Maze model, once the group has the victim’s data in its possession, it demands two separate ransoms; the first ransom amount is for providing a decryption key and the second is to delete all the data they copied and exfiltrated before locking up the victims’ files.
Vigilante warns that over the last few weeks threat actor group Maze Team is claiming to have attacked at least two insurance companies with ransomware and may be eyeing additional insurance industry victims.
Over the past week, Vigilante has observed an uptick in Deep and Dark Web (DDW) communities experiencing an increase in scams targeting DDW users, overwhelmed DDW moderators, and degraded webpage performance of popular DDW forums and marketplaces.
Vigilante assesses that cyber threat actors will continue to exploit the current fallout surrounding Iran to meet their own ends, complicating efforts to differentiate between official state sponsorship, hacktivism, independent threat actors showcasing their expertise, and disinformation campaigns; all increasing the risk of a policy miscalculation.