All

By Jesus Dominguez from Metabase Q’s Ocelot Team Ploutus, one of the most sophisticated ATM malware families worldwide, is back with a new variant focused on Latin America. Discovered for the first time in 2013, Ploutus enables criminals to empty ATMs by taking advantage of ATM XFS middleware vulnerabilities via an externally connected device. Since

By Ramses Vazquez & Miguel Gonzalez from Metabase Q’s Ocelot Team Context DARKSIDE/BLACKMATTER/ALPHV-BLACKCAT The ALPHV Ransomware group also known as BlackCat has positioned itself in the Top 5 of most active ransomware groups. Among the target industries of this group are construction, energy, financial, logistics, manufacturing, pharmaceuticals, retail, and technology. The scheme under which this

Salvador Mendoza from Metabase Q’s R&D Team // Introduction Social engineering attacks are among the most difficult to combat since their modus operandi is not based on an algorithm that can be blocked by a software update. It rather takes advantage of the lack of knowledge and the trust of users (mainly new ones) to

By Metabase Q’s Ocelot Threat Intelligence Team // Introduction LAPSUS$ is a cybercriminal group focused on cyberextortion with one single main objective, money. Hence the money symbol in their name. It’s important to mention that their way of acting is not traditional, this group enjoys the attention, so they choose to announce all their activities

By Miguel González  from Metabase Q’s Ocelot Team // Introduction Ransomware as a Service (RaaS) is what consolidated, industrialized cybercrime looks like. It is a business model between ransomware operators and affiliates in which affiliates – both, technical and non-technical – pay to launch ransomware attacks developed by operators. What makes it dangerous is how

By Jesús Domínguez from Metabase Q’s Ocelot Team // Summary Metabase Q’s Offensive Security Team, Ocelot, recently evaluated the protection capabilities of an XDR during an APT Simulation exercise – part of Ocelot’s portfolio. In this exercise, the Ocelot team found that FileZilla, one of the most popular and worldwide known FTP file transfer software,

Salvador Mendoza from Metebase Q’s R&D Team Car Hacking: Current Trend in Car Theft // Keyless entry system risks. Vol 1 // Research Summary With inexpensive hardware and Software Defined Radio (SDR) open-source tools, malicious individuals can compromise vehicles’ security entry systems by exploiting their keyless system weaknesses. Most automobiles around the world rely on

By José Zorrilla Metebase Q’s Ocelot Team Context Figure 1. Maksim Yakubets, leader of Evil Corp, wanted by the FBI since the end of 2019 Metabase Q’s offensive security team, Ocelot, discovered multiple malicious campaigns from the criminal group, EvilCorp. Since April 2021, they have been compromising Mexican websites and then using them to distribute