Threat Context Monthly: Executive intelligence briefing for January 2024

Research & Threat Intel 24 Jan 2024

Written By

KrakenLabs Threat Intelligence Team, Outpost24

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news, and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team.

Spotlight threat: X (Twitter) accounts hacked

Over the past few weeks there has been an uptick of compromises on the social media platform X (formerly Twitter) to promote cryptocurrency scams, phishing sites, and sites with crypto drainers. Some of the compromised accounts belong to government and business profiles, and marked with gold and grey checkmarks, giving more credibility to the fraudulent content.

Mandiant describes a Drainer-as-a-Service (DaaS) whose operators provide the drainer scripts to affiliates in exchange for a percentage of the stolen funds.

Some of the affected companies have revealed how these compromises occurred:

CertiK: Social engineering attack by a threat actor using a verified but compromised account to initiate a phishing attack on an employee.
Mandiant: Brute-force password attack that would have been mitigated with two-factor authentication (2FA).
US Securities and Exchange Commission (SEC) has not provided details about the compromise, but X’s Safety account confirmed that in this case, the compromise was due to an unidentified individual obtaining control over a phone number associated with the SEC account through a third-party, and that the account itself did not had 2FA enabled.

Emerging threat update from KrakenLabs

A cracked version of the Zeppelin ransomware builder was put for sale on the RAMP underground forum for just $500. Outpost24 KrakenLabs analyst believe this could lead to a widespread of new variants and new RaaS groups. 

Malware update from KrakenLabs

Threat actors behind the Akira ransomware family compromises are focusing on wiping the victim’s network-attached storage (NAS) devices usually used for backups as well as tape backup devices. This puts more pressure on the victim as there is no option of restoring data without paying.

Learn more about Threat Compass

Want more? Get started with Threat Compass to receive the latest actionable intelligence from our world-class in-house analyst team.

Get started with Threat Compass

About the Author

KrakenLabs Threat Intelligence Team, Outpost24

KrakenLabs is Outpost24’s Cyber Threat Intelligence team. Our team helps businesses stay ahead of malicious actors in the ever-evolving threat landscape, helping you keep your assets and brand reputation safe. With a comprehensive threat hunting infrastructure, our Threat Intelligence solution covers a broad range of threats on the market to help your business detect and deter external threats.