This major criminal hacking group just switched to ransomware attacks
...they've switched to ransomware because it's the biggest and easiest pay day
October 14, 2020
https://www.zdnet.com/article/this-major-criminal-hacking-group-just-switched-to-ransomware-attacks/
FireEye: FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft

FIN11 Spun Out From TA505 Umbrella as Distinct Attack Group
October 14, 2020
https://www.securityweek.com/fin11-spun-out-ta505-umbrella-distinct-attack-group

FIN11 e-crime group shifted to CL0P ransomware and big game hunting
January 15, 2021
https://www.scmagazine.com/home/sec...fted-to-cl0p-ransomware-and-big-game-hunting/

TA551 Shifts Tactics to Install Sliver Red-Teaming Tool
A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment
October 21, 2021
https://threatpost.com/ta551-tactics-sliver-red-teaming/175651/
Proofpoint: TA551 Uses ‘SLIVER’ Red Team Tool in New Activity

Clop gang exploiting SolarWinds Serv-U flaw in ransomware attacks
November 9, 2021
https://www.bleepingcomputer.com/ne...solarwinds-serv-u-flaw-in-ransomware-attacks/
NCC Group: TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access

TrickBot teams up with Shatak phishers for Conti ransomware attacks
November 10, 2021
https://www.bleepingcomputer.com/ne...shatak-phishers-for-conti-ransomware-attacks/
Cybereason: THREAT ANALYSIS REPORT: From Shatak Emails to the Conti Ransomware
IBM X-Force: Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds