| Category | Details |
|---|---|
| Threat Actors | IntelBroker (cybercriminal, ransomware operator, and BreachForums leader) |
| Campaign Overview | IntelBroker’s involvement in high-profile breaches (e.g., AMD, Europol, Cisco), ransomware attacks, and data extortion. |
| Target Regions | Global, with specific breaches targeting corporations and government entities. |
| Methodology | Exploits public-facing vulnerabilities (e.g., Jenkins servers), uses stolen credentials, focuses on high-value data. |
| Product Targeted | Corporations and government data, ransomware payments in Monero (XMR). |
| Malware Reference | None explicitly mentioned but ransomware and infostealers used. |
| Tools Used | VPNs (Mullvad, TunnelBear, NordVPN, etc.), OSINT tools, Minecraft, email accounts, social media platforms. |
| Vulnerabilities Exploited | Public-facing vulnerabilities (e.g., Jenkins), stolen credentials. |
| TTPs | Exploiting vulnerabilities, leveraging VPNs for anonymity, using email trails, social engineering, leveraging Minecraft for cover. |
| Attribution | IntelBroker, possibly linked to AgainstTheWest hacking group. |
| Recommendations | Strengthening security against public-facing vulnerabilities, monitoring VPN traffic, using OSINT for threat actor tracking. |
| Source | Kela Cyber |
Read full article: https://www.kelacyber.com/blog/intelbroker-unmasked-kelas-in-depth-analysis-of-a-cybercrime-leader/
The above summary has been generated by an AI language model
Stay Updated with Our Newsletter
Related posts:
DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware
North Korea allegedly targeting crypto businesses with Mac-focused malware
CloudSorcerer – A new APT targeting Russian government entities
Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia
Leave a Reply