Marco Ramilli's Blog
Hacking, Malware Evasions, Penetration testing, Targeted attacks, Malware analysis and everything related to Cyber Security Field.
1M ago
Introduction
i-SOON (上海安洵), a prominent contractor for various Chinese government agencies such as the Ministry of Public Security, Ministry of State Security, and People’s Liberation Army, experienced a significant data breach during the weekend of Feb 16th. The breach has shed light on the internal workings of a state-affiliated hacking contractor, although the source and motivations behind the leak remain undisclosed. Verification of the leaked documents is ongoing, yet they corroborate existing public threat intelligence.
This breach offers unprecedented insight into China’s evolving cyber ..read more
2M ago
When I saw a threat actor hijacking the X account of Google’s Mandiant division and promoting a cryptocurrency scam, I suddenly became curious about this new prominent trend. Indeed, this attack was just one of many that happened during the past few weeks (HERE).
A new black market trend
Establishing a presence on a prominent social media platform, formerly recognized as Twitter (now referred to as X), is pivotal for cultivating brand identity and visibility. The influence wielded by a tweet bearing the coveted blue checkmark is widely acknowledged. Initially tied to a stringent verification process ..read more
3M ago
LOCKBIT 3.0 is a notorious Ransomware Group that was first identified on 09 Dec, 2022. Operating with various aliases and suspected to be involved in a range of cyber activities, this group poses a significant threat in the cybersecurity landscape.
For further monitoring and more analyses of the cyber threat panorama, consider subscribing to the personal Cyber Intelligence Feeds.
Basic Info
Name: LOCKBIT 3.0
Aliases: –
First seen: 09 Dec, 2022
Suspected aliases: –
Engagements
Active Channels:
lockbitapt6vx57t3eeqj – REDACTED – nygvokja5uuccip4ykyd.onion
lockbitapt2d73krlbewgv27tq ..read more
3M ago
Category: Defacement
Content: Group claims to have defaced the organization's website.
Mirror : https://zone-xsec.com/mirror/id/637556
Source: telegram
Source Link: https://t.me/cybererrorsystem/1163
Threat Actor: Cyber Error System
Victimology
Country : India
Industry : Education
Organization : b.n. college, bhagalpur ..read more
3M ago
Category: Defacement
Content: Group claims to have defaced the organization's website.
Source: telegram
Source Link: https://t.me/cybererrorsystem/1163
Threat Actor: Cyber Error System
Victimology
Country : India
Industry : Education
Organization : bahona college ..read more
3M ago
Category: Data Breach
Content: Threat actor claims to have obtained data of noomeera.com, the website of Noomeera, a Russian social media company.
Source: openweb
Source Link: https://breachforums.is/Thread-Noomera-ru-Leaked-Download
Threat Actor: perell
Victimology
Country : Russia
Industry : Social Media & Online Social Networking
Organization : noomeera ..read more
3M ago
Category: Data Leak
Content: Threat actor is offering to sell a global betting/casino database covering various countries, including the UK, Germany, the Netherlands and other countries.
Source: openweb
Source Link: https://forum.exploit.in/topic/235084/
Threat Actor: SpaceMonkey
Victimology
Country : UK
Industry : Gambling & Casinos
Organization : undefined ..read more
3M ago
Category: Data Leak
Content: Threat actor is offering to sell various databases containing sensitive information like banking, gambling, educational, and real estate data. The advertisement claims the data is freshly acquired and has never been sold before, emphasizing secrecy and exclusivity.
Source: openweb
Source Link: https://forum.exploit.in/topic/235083/
Threat Actor: SpaceMonkey
3M ago
Category: DDoS Attack
Content: Proof of downtime: https://check-host.net/check-report/13f844c0kc8f
Source: telegram
Source Link: https://t.me/Tronc2powerproof/447
Threat Actor: Tron Power Proof
Victimology
Country : Pakistan
Industry : Information Technology (IT) Services
Organization : netmag pakistan ..read more
3M ago
Category: Malware
Content: Threat actor is offering to sell Plesk Checker.
Plesk is a commercial web hosting and server data center automation software developed for Linux and Windows-based retail hosting service providers.
Source: openweb
Source Link: https://xss.is/threads/104280/
Threat Actor: XYZRat