Protected: DarkSide — Infrastructure analysis
In April 2021, an unidentified Gold Southfield operator carried out a ransomware attack against a European company. Initial access was obtained by Gold Cabin, an access broker, which deployed IcedID (BokBot), a Remote Access Tool (RAT) malware. Once inside the company, the access broker handed the privileges to the main operator, who deployed the REvil ransomware. This threat actor …
DarkSide ransomware in the Colonial Pipeline incident: initial access hypotheses, fuel supply disruption on the US East Coast, ransom payment and operational impact.
Mapping a real Italian intrusion onto the MITRE ATT&CK framework: phases, techniques, telemetry sources and lessons for SOC detection-engineering.
Mass compromise impacting 50 000 organisations globally with 700 Italian entities affected: scope, exploitation chain and defensive priorities.
Field account of a ransomware incident response engagement: initial scoping, eradication, recovery decisions and lessons learned about preparation gaps.