threat UPDATES
SOUTH AFRICA
Sophos has shared details of a new ransomware group called Mad Liberator. Having first emerged in July 2024, the group, believed to be based in Johannesburg, uses an unusual social-engineering tactic to gain access to the victim’s environment. Based on a recent Sophos X-Ops incident response investigation, Mad Liberator targets victims that have remote access tools, such as AnyDesk, installed on endpoints and servers, sending a request for access and then taking control of the device. Sophos X-Ops researchers found no indication of contact between the attacker and victim prior to the victim receiving an unsolicited AnyDesk connection request. Christopher Budd, Director of Threat Research at Sophos, said: “This new mode of exploitation of remote-access tools is proof of a wider trend in the ransomware industry.”
ARGENTINA
WithSecure has reported on the takedown of the Dispossessor ransomware group. Stephen Robinson, Senior Threat Intelligence Analyst at WithSecure, said: “The law enforcement takedown of Dispossessor is interesting, as they do not appear to be a particularly impactful or active ransomware group, so why go after them? When they launched, they were described as simply reposting LockBit victims, and according to the FBI’s own statements they are only known to have performed around 40 attacks since they launched in 2023.
“Recently there have been a number of law enforcement disruption operations against cybercriminals in a short space of time. It may well be that the goal of this takedown is to maintain that operational tempo and keep the ransomware industry disrupted and off balance.”
The group has targeted organisations in the US, Argentina and Australia.
WWW.INTELLIGENTCISO.COM