
Research Blog

Insights and research from our global cybersecurity team.


Unveiling the Dark Side: A Deep Dive into Active Ransomware Families 

Not so lucky: BlackCat is back! Authors: Alex Jessop (@ThisIsFineChief), Molly Dewis. While the main trend in the cyber threat landscape in recent months has been MoveIt and Cl0p, NCC Group's Cyber Incident Response Team have also been handling multiple different ransomware groups over the same period. In the ever-evolving cybersecurity landscape, one consistent […]


A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion

This blog builds on security research by SecureWorks and PwC, adding firsthand experience of the TTPs used in a recent incident where ShadowPad was deployed. ShadowPad is a modular remote access trojan (RAT) which is thought to be used almost exclusively by China-based threat actors.


Back in Black: Unlocking a LockBit 3.0 Ransomware Attack 

This post explores some of the TTPs employed by a threat actor who was observed deploying LockBit 3.0 ransomware during an incident response engagement.


Top of the Pops: Three common ransomware entry techniques

By Michael Mathews. Ransomware has been a concern for everyone over the past several years because of its impact to organisations with the added pressure of extortion and regulatory involvement. However, the question always arises as to how we prevent it. Prevention is better than cure and hindsight is a virtue. This blog post aims […]


Climbing Mount Everest: Black-Byte Bytes Back?

In the Threat Pulse released in November 2021 we touched on the Everest ransomware group. This latest blog documents the TTPs employed by a group who were observed deploying Everest ransomware during a recent incident response engagement.


Shining the Light on Black Basta

This blog post documents some of the TTPs employed by a threat actor group who were observed deploying Black Basta ransomware during a recent incident response engagement, as well as a breakdown of the executable file which performs the encryption.


Metastealer – filling the Racoon void

MetaStealer is a new information stealer variant designed to fill the void following Racoon stealer suspending operations in March of this year.


North Korea’s Lazarus: their initial access trade-craft using social media and social engineering

This blog post documents some of the actions taken during the initial access phase for an attack attributed to Lazarus, along with analysis of the malware that was utilised during this phase.


Adventures in the land of BumbleBee – a new malicious loader

BUMBLEBEE is a new malicious loader that is being used by several threat actors and has been observed to download different malicious samples. This post provides our initial analysis.


LAPSUS$: Recent techniques, tactics and procedures

This post describes the techniques, tactics and procedures we observed during recent LAPSUS$ incidents.