Anomali Cyber Watch: APT, Finance Ransomware and More

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China Chopper, Gozi, Hafnium, Phishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.


Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.


Trending Cyber News and Threat Intelligence



Ransomware Gang Plans to Call Victim's Business Partners About Attacks


(published: March 6, 2021)


The REvil ransomware operation, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) where the ransomware operators develop the malware and payment site. As part of this deal, the REvil developers earn between 20-30% of ransom payments, and the affiliates make the remaining 70-80%. The new tactics include a free service where the threat actors will perform VOIP (Voice Over IP) calls to the media and the victim's business partners with information about the attack.

Recommendation: An interesting development in the ongoing growth of ransomware attacks is the concurrent growth in the customer service provided by threat actors. As far back as 2017, threat actors reportedly offered victims customer service portals and even direct contact to help facilitate ransom payments. As this latest report indicates, cybercriminals continue to evolve on the service side of their industry, now offering to act directly with media and third parties as a means to either drive payments or punish victims who refuse to pay ransoms.

MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486