BRANDEFENSE BRANDEFENSE
  • Platform
    How It Works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    Q1 | 2023
    Explore the Ransomware Attacks
  • Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
  • Resources
    Blog
    Infographics
    Datasheets
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    Cybersecurity Glossary
    Events
  • Partners
    About the Partner Program
    Become a Partner
    Partner Portal
  • Company
    About Us
    Join Us!
    We in the Press
    Privacy Policy
    Terms of Use
    Contact Us
Request a Demo
Login

BRANDEFENSE

  • Platform
    How It Works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    Q1 | 2023
    Explore the Ransomware Attacks
  • Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
  • Resources
    Blog
    Infographics
    Datasheets
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    Cybersecurity Glossary
    Events
  • Partners
    About the Partner Program
    Become a Partner
    Partner Portal
  • Company
    About Us
    Join Us!
    We in the Press
    Privacy Policy
    Terms of Use
    Contact Us
European Focused Threat Actors – Who Actively Continue Their Strategies

European Focused Threat Actors – Who Actively Continue Their Strategies

BRANDEFENSE
APT Groups
03/10/2022

Table of Contents

  • Introduction
    • Darka
    • Spamhouse
    • Juzab
    • Matanbuchus
    • убитноневами
    • GhostSec
    • AgainstTheWest / BlueHornet

Introduction

Cyber attacks experienced during the COVID-19 pandemic process have increased not only in vectors and numbers but also in terms of their impact. The pandemic process has expanded the surface of attacks and caused an increase in the number of cyber attacks targeting organizations through homes and offices. Also, cyber threat environments are changing with the fact that attackers are coming up with new technologies and processes constantly.

For example, in 2021, when we inspect the SolarWinds attack, which made an enormous impact, it seems that the malware has adopted a way of distributing embedded in a trusted product. After the SolarWinds attack, it has been determined that 1500 small and medium-sized companies were affected, especially the U.S. and Europe.

It has been observed that the main motivation of individual threat actors who carry out European-focused attacks is to earn financial gain. Cybercriminals have made the banking/financial sector the main target. With the crisis of the COVID-19 Pandemic, targeted ransomware attacks have increased swiftly. Many organizations that could not afford service interruptions had to pay the requested ransom. Although, some ransomware groups have demanded more ransomware, threatening organizations to publish stolen data using Double Extortion methods.

Threat actors that are supported by governments usually organize longer-term operations in the interests of the state they are affiliated with. Financial interests are in the background and trying to obtain strategic intelligence about the targeted country. It all comes to this that it is significant for security teams’ operations in today’s environment, where visibility and agility are crucial more than ever to be able to monitor cyber threat actors and their ongoing activities.

Darka

The threat actor, who uses the username DARKA on underground platforms, is actively selling databases belonging to 25 European countries. When the other shares of the threat actor were examined, the shares containing the sale of passports, identity cards, and personal data aimed at Europe were observed.

darka threat actors
Figure 1: Screenshot from a website where Darka sells databases belonging to European countries

Spamhouse

The threat actor called Spamhouse often operates on Russian underground platforms. When the shares were examined, it was seen that the seized databases belonging to institutions in many European countries were sold. The threat actor regularly sells new hacked databases.

spamhouse threat actor
Figure 2: The threat actors called "Spamhouse" selling databases seized from European countries

Juzab

The threat actor named Juzab continues his strategies on Russian underground platforms, exploiting certain vulnerabilities and selling access to institutions.  The group usually sells the access information of the relevant institution to the highest bidder using the auction method.

juzab threat actors
Figure 3: An offer from the threat actors named Juzab

Matanbuchus

The threat actor, who uses the username  Matanbuchus mostly continues his activities by renting the malicious software they have specially prepared to other attackers. When the threat actor’s other shares are examined, it is seen that he sells and rents malicious software that is not caught by antivirus systems.

matanbuchus malicious actors
Figure 4: An announcement from Matanbuchus on the dark web

убитноневами

The threat actor named убитноневами, who is active on Russian underground forums, usually sells user information obtained from devices included in the botnet network. Besides, it also shares large log data publicly in order to achieve popularity. The shared log data belongs to the users who are included in the botnet network. This data includes much information such as desktop screen photos, credit card and password information saved in the browser, system information, a list of processes running in the system, autofill values, and cookie values saved in the browser. The relevant log data is obtained from many countries worldwide by infecting the user’s computers with malicious software called Stealer.

убитноневами log stealer
Figure 5: An announcement from убитноневами on a dark web froum

GhostSec

The threat actor named GhostSec, who is active on underground forums and Telegram channels, announce group’s hacking activities. The group started their activities on 2015 against ISIS but they have unknown origin.

GhostSec is a highly organized hacktivist group that has ties with members of the “Anonymous” hacktivist collective. Similar like Anonymous operations, the actions of GhostSec is shared on Twitter and Telegram to show DDoS attacks, OS intrusions, webpage defacement (indexed websites) and data leaks.

The threat group has a subscription-based premium channel on Telegram, in which they share exclusive content, such as leaks, tutorials, and others with their subscribers.

ghostsec threat actors
Figure 7: A screenshot from GhostSec's Telegram account

AgainstTheWest / BlueHornet

The threat actor named BlueHornet, who is active on underground forums and Telegram channels, announce group’s hacking activities. The group usually targets Russian companies.

Also the BlueHornet claimed about hacking TikTok’s databases. After couple of proof of concept tweets and serious data leakage Twitter has suspended the group’s social media account. Despite of shared proof of concepts by the BlueHornet, allegations were denied from TikTok.

bluehornet-againsttheweat
Figure 6: BlueHornet's Twitter account
Share on Facebook Share on X
Search
Categories
APT GroupsBlogDark WebDRPSFraudRansomwareSector AnalysisSecurity NewsVIP SecurityWe in the PressWeekly Newsletter
Recent Posts
  • The Impact of Machine Learning on Enhancing Threat Detection
    The Impact of Machine Learning on Enhancing Threat Detection
  • The Future of AI in Cybersecurity: Benefits and Risks
    The Future of AI in Cybersecurity: Benefits and Risks
  • Brandefense Shares Bridge Partner Program and Brandefense 2.0 with Its Business Partners
    Brandefense Shares Bridge Partner Program and Brandefense 2.0 with Its Business Partners
  • What is Supply Chain Security?
    What is Supply Chain Security?
Ransomware Trends Report | Q2 2023
Ransomware Attack Trends in the Second Quarter of 2023
Report

Ransomware Attack Trends in the Second Quarter of 2023

Download Report
Follow us!

Continue Reading

Previous post

Critical 0-Day Alarm in Microsoft Exchange Server

microsoft
the most affected products from vulnerabilities and ransoms
Next post

The Most Affected Products by Vulnerabilities

We know what hackers know about you

Our cyber threat intelligence and security research team is ready to help you.
image link

Brandefense is solving SOC’s complex challenges. We are here to help Brandefense customers to protect their brands and reputations against cyber threats.

United States:

300 Delaware Ave. Ste 210 #328 Wilmington, DE 19801 / USA

Republic of Turkey:

Üniversiteler, 1605 Cd. Cyberpark Vakıf Binası Kat: -1 No: B25, 06800 Çankaya/Ankara

© 2022 Brandefense. All rights reserved.

Solutions
Threat IntelligenceBrand ProtectionVulnerability ManagementFraud ProtectionVIP SecurityAttack Surface ManagementVulnerability Intelligence
Use Case
Data LeakagePhishing MonitoringAccount Takeover DetectionStolen Credit CardsDark Web MonitoringRemediation / Takedown
Partners
About the Partner ProgramBecome a Partner
Company
AboutCareerPrivacy PolicyTerms Of UseContact
Close
Search

Hit enter to search or ESC to close

cookie By using this website, you agree to our cookie policy. Close