The Trickbot Leaks eventually consisted of more than 1,000 communication extracts, 250,000 messages, 2,500 IP addresses, and 500 potential crypto wallet addresses. PDF files were also leaked, Cyjax reports, "containing large amounts of information" that appeared to be about individual members. These became known in-house as the Doxing PDF files.

Analyzing the leaks: delving deep inside the Trickbot cybergang

The Trickbot Leaks make the Conti disclosures all but pale into insignificance, being not only four times the size but containing much more helpful information from the threat intelligence perspective. Of course, researching and analyzing this data was far from a straightforward task. Cyjax had to develop a bespoke set of tools and processes. By way of example, standard language translation tools encountered difficulty in dealing with slang and nuance. One Russian word that directly translates to "toad" was actually referring to the Jabber messaging service.

"While this research took time and required the development of bespoke tools to analyze the data," Joe Wrieden, the primary intelligence analyst at Cyjax involved in the report, told me, "I feel we have uncovered some key information that will help shape the way we view threat actors such as Trickbot. I was surprised by the level of sophistication, not only from a technical standpoint with malware and infrastructure but also with the complex management systems used to run the organization."

The key findings of this deep dive into the Trickbot Leaks, and consequently the criminal cybergang itself, can be divided into three areas: members, operational infrastructure, and business management.

The sheer quantity and quality of personal information leaked about members of the Trickbot organization was genuinely unprecedented. Cyjax analysts say they could determine overall member counts (at least 133 individuals) and locations, position within the gang, dates of birth, tax details, passport numbers, email and other contact details, and more. These Doxing PDFs appear to have combined open source intelligence (OSINT) data with insider knowledge. "It is clear whoever is behind this leak was either very close to the group itself," the report states, "or had broad access to the group's records." In conversation with Chris Spinks, head of operations at Cyjax, he expressed surprise "given the level of personal detail in these leaks and the resources of the U.S. Department of Justice as well as Europol," that "indictments have not been raised against the majority of these named threat actors."

(Image caption: The Trickbot Leaks included HR-style membership records. Credit: Cyjax)

Trickbot business management

It became evident, very quickly, that Trickbot is not a ragtag collection of some criminal actors who are also proficient coders. "This is a large business which operates at a commercial level," Cyjax states. This means it comes complete with a human resources system and salaried employees. The analysis reveals that Trickbot even has access to lawyers and, Cyjax concludes, is "very much a criminal advanced persistent threat" operation.