Our dark web monitoring team in iZOOlogic has recently discovered that the popular cybercriminal underground marketplace, Hydra Market, has released an extensive database list of all known active phishing sites. Based on our team’s latest findings, the published list was categorised into three parts, including “Active Phishing List,” “Active Phishing List (NOW),” and “Active Phishing...Continue Reading
The notorious LockBit ransomware gang is working on improving its infrastructure and technical capabilities for future campaigns. The group claimed they are improving their defences against distributed Denial-of-Services attacks and preparing their new triple extortion strategy. They initiated the development of the group’s new defence after it suffered a DDoS attack on its corporate data...Continue Reading
A US law enforcement operation has taken down the websites and domains for the WT1SHOP marketplace. This criminal marketplace has sold troves of stolen information, such as credit card data, IDs, and login credentials. WT1SHOP was one of the most well-known criminal marketplaces of PIII data, usually used by hackers to purchase credentials. Its buyers...Continue Reading
A particular anti-Russian invasion group developed a politically motivated website called DUMPS. This newly organised hacking forum is exclusively for threat activity targeted directly at Belarus and Russia. According to users who spotted the forum, it has shown a solid political stance toward aiding Ukraine against its war against Russia. Hence, the platform is only...Continue Reading
It has been known that the dark web is laden with numerous portals of criminal cartels selling illegal drugs, malware, hitman services, or weapons. Although recently, dark web researchers have found some newly emerged Mexico-based criminal marketplaces claiming to be the online portals for these malicious trades. The researchers listed some of these malicious online...Continue Reading
On August 10, Cisco announced that the notorious Yanluowang ransomware gang had breached their corporate network last May. The threat group requested a ransom payment from the firm to keep the stolen files from being published online. However, the tech firm clarified that the stolen data were all non-sensitive, implying that the incident had no...Continue Reading
The latest dark web investigations spotted a phishing-as-a-service (PhaaS) platform, dubbed Robin Banks, launched by its operators to offer ready-made phishing kits that help their clients pose as financial institutions and other well-known brands to target victims. Hackers could choose from numerous organisations offered by the PhaaS platform, including popular ones like Netflix, Capital One,...Continue Reading
A newer version of the Redeemer ransomware was spotted being advertised on hacking forums, where its developers offer other unskilled hackers the free-to-use ransomware builder to aid them in propagating attacks. Written in C++, the ransomware’s second version works on all Windows OS and features a multi-threaded performance that could also evade security detection. ...Continue Reading
Dark web investigators recently identified a new ransomware operation called Lilith after its operators posted their first victim on their leak site for double extortion campaigns. The new Lilith ransomware is designed for the 64-bit Windows version and is a C/C++ console-based payload. According to the initial studies on the new ransomware, its operators conduct...Continue Reading
A new strategy implemented by ransomware groups could force their victims into paying the ransom demands and not leak their stolen data. From the reports about these latest findings, the threat groups have added a search feature on their dark web leak site that allows anyone to find the group’s victims or specific details related...Continue Reading
