Cybersec Sentinel

The Scattered Spider Group Ramps Up Cloud Attacks

Threat Group: Scattered Spider
Threat Type: Cybercrime Group (Focused on Cloud Environments, Ransomware)
Exploited Vulnerabilities: Azure Cross-Tenant Synchronization, Federated Identity Providers, Cloud Platforms
Malware Used: AlphV ransomware
Threat Score: High (8.8/10) — Due to its sophisticated exploitation of cloud-based systems, privilege escalation methods, and use of advanced tools for

RansomHub Affiliate NoName Group Launches ScRansom Attacks

Threat Group: NoName (formerly known as CosmicBeetle)
Threat Type: Ransomware (Part of the Spacecolon malware family)
Exploited Vulnerabilities: CVE-2017-0144 (EternalBlue), CVE-2023-27532 (Veeam Backup), CVE-2020-1472 (ZeroLogon), and others
Malware Used: ScRansom, LockBit variants, RansomHub
Threat Score: High (8.5/10) – Due to its focus on SMBs and evolving encryption methods
Last

Rising Phobos Ransomware Activity in High-Impact Sectors

Threat Group: Phobos Ransomware Operators
Threat Type: Ransomware-as-a-Service (RaaS)
Exploited Vulnerabilities: Exposed Remote Desktop Protocol (RDP) Ports, Weak Passwords, Phishing Attacks
Malware Used: Phobos Ransomware
Overview: Phobos ransomware remains a significant and evolving threat, particularly targeting critical sectors such as healthcare, government, and education. Since its emergence in 2019, Phobos

Qilin Ransomware Adopts Aggressive Credential Harvesting - October 2024 Update

Threat Group: Qilin (formerly known as "Agenda")
Threat Type: Ransomware-as-a-Service (RaaS)
Exploited Vulnerabilities: Zero-day vulnerabilities, VPN access without multi-factor authentication (MFA), spear-phishing, and remote monitoring tools
Malware Used: Qilin Ransomware, with variants developed in Golang and Rust
Threat Score: High (8.8/10)

KOK08 Ransomware: What to Know

Overview: KOK08 ransomware, identified as a variant of the Matrix ransomware family, is involved in malicious activities including file encryption and data exfiltration. This ransomware uses sophisticated methods that are consistent with the broader trends observed in 2024, where targeted attacks on critical infrastructure and high-value targets have become more
