Resources
Providing you the latest industry-specific news and insights.
Codecov Bash Uploader Supply Chain Attack
By Arete Cyber Threat Intelligence Team EXECUTIVE SUMMARY On April 15, Codecov announced a compromise to its Bash Uploader (a software application used in some of its products), whereby a threat actor was able to send sensitive information from…
Read more![]()
Black Kingdom Returns to Exploit Zero-Day Vulnerabilities in Unpatched Microsoft Exchange Servers
Black Kingdom ransomware recently resurfaced to target a zero-day vulnerability in Microsoft Exchange servers.
Read moreDon’t Drink from That! Gootloader Watering Hole Leads to REvil Attack
REvil, more commonly referred to as Sodinokibi, is one of the most prolific ransomware threat groups currently active in the cyber extortion space. In the past year alone, Arete has responded to countless incidents where REvil has facilitated…
Read more![]()
Darkside Ransomware: Caviar Taste on Your Big-Game Budget
Explore Darkside ransomware, an operation utilizing sophisticated tactics to target high-revenue organizations. Arete's threat intelligence data reveals high ransom demands, extensive business downtime, and universal data exfiltration.
Read moreGood Europol Hunting: How Do You Like Them Apples, Emotet?
On January 27, 2021, Europol announced that it had led a coordinated takedown of the Emotet infrastructure in collaboration with law enforcement authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania,…
Read more![]()
Egregor: The Ghost of Soviet Bears Past Haunts On
Egregor ransomware, a sophisticated RaaS platform, uses data exfiltration and brazen negotiation tactics to target major sectors like manufacturing and retail and caters to experienced affiliates.
Read more![]()
WastedLocker Ransomware Insights
WastedLocker is a new ransomware variant with encryption capabilities that some researchers believe to be linked to the sanctioned “Evil Corp” group. However, Arete's analysis determined that evidence of the connection is not conclusive.
Read moreSodinokibi Labels Keys with “Black Lives Matter”
OVERVIEW Since January 2020, the Arete IR practice has responded to forty-one (41) Sodinokibi engagements. The industry has seen two big changes with Sodinokibi/REvil from their shift to exfiltrating data as of January 2020, and more, recently with…
Read more![]()
AKO Ransomware – Analysis
Dive into AKO ransomware's methods and impact, including its unique data encryption and extortion techniques. This analysis provides an in-depth look at AKO’s rise and the challenges it presents for organizations and security professionals.
Read moreUS Government Alerts of Imminent Attacks Against the Healthcare Sector by Trickbot Group
EXECUTIVE SUMMARY Last week, the Cybersecurity and Infrastructure Security Agency (CISA) in collaboration with the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released the following alert: AA20-302A…
Read more![]()
Conti Ransomware is the New Ryuk?
Based on forensic analysis, Arete’s Threat Intelligence team observed that Conti ransomware could be a rebrand of Ryuk ransomware, as both variants have similar tactics, including leveraging the TrickBot banking trojan to deploy ransomware.
Read more![]()
Over 390,000 Credentials Stolen via Malicious GitHub Repository
Year-long trojanized supply chain attack targets pros and thieves, stealing credentials and installing cryptominers.
Read more
