The Russian Business Network (RBN) claimed to be a legitimate Internet service provider (ISP) back in 2006. Shortly after establishing its business, however, it gained notoriety for hosting the sites owned by spammers, malware operators, distributed denial-of-service (DDoS) attackers, and other cybercriminals.
WhoisXML API threat researcher Dancho Danchev obtained a publicly accessible list of email addresses known to be owned and used by Iranian hackers. The email addresses led us to more than 4,400 domain names, any of which can be weaponized and used in phishing, credential theft, and other forms of cyber attacks.
GitHub is a popular code repository used by almost all software developers. Anyone can access it to share their code with practically anyone interested. Unfortunately, not every GitHub user is trustworthy. It has, in fact, been used to host malware at least a couple of times.
The Maze Ransomware Group is one of the most notorious threat actor groups targeting large enterprises, such as Cognizant, Xerox, and Canon, and stealing massive amounts of sensitive data. Some of their ransomware distribution methods include spamming, phishing, and brute forcing.
In 2018, nine Mabna hackers were indicted by a U.S. grand jury for their involvement in different instances of cybercrime. Their victims included about 320 universities and over 50 private, government, and nongovernmental organizations in several countries.
The Democratic National Committee (DNC) breach was a high-profile cyber attack in recent history. Years later, the cybersecurity community can still benefit from insights and actionable intelligence relevant to the attack. In line with this, WhoisXML API threat researcher Dancho Danchev dove deep into the DNS system intrusion using publicly available indicators of compromise (IoCs). We further enriched his findings, allowing us to uncover:
Anything conveniently obtainable online is often ripe for cybercriminal picking, and that's certainly true for the most commonly used software. We can't live without them, after all, if we are to thrive and not just survive in the digital world.
Age is rarely an issue when it comes to malware campaigns, and that's certainly true for WebAttacker. WebAttacker is a do-it-yourself (DIY) malware creation kit that became popular back in 2006. It was the first exploit kit made available to cybercriminals in the Russian underground market for as little as US$20.
The infamous gray hat security company Ashiyane Digital Security Team has gone back online in 2021. At that time, WhoisXML API threat researcher Dancho Danchev exposed more than 100 domains belonging to the group. This analysis was recently expanded to further explore the Iran-based threat group's Internet-connected infrastructure.
Pay-per-install (PPI) businesses and affiliate networks made for a booming cybercriminal underground market from 2008 to 2013. Buoyed by the proliferation of fake antivirus (FakeAV) peddlers, operators made staggering profits from the sale of rogue security software.