Threats

How does ALPHV operate the RaaS membership program?

By Ramses Vazquez & Miguel Gonzalez from Metabase Q’s Ocelot Team. Context: DARKSIDE/BLACKMATTER/ALPHV-BLACKCAT. The ALPHV ransomware group, also known as BlackCat, has positioned itself among the top five most active ransomware groups. Among the industries this group targets are construction, energy, financial, logistics, manufacturing, pharmaceuticals, retail, and technology. The scheme under which this […]

Redline, the infostealer used by LAPSUS$ in LATAM

By Metabase Q’s Ocelot Threat Intelligence Team // Introduction LAPSUS$ is a cybercriminal group focused on cyberextortion with one single main objective: money. Hence the money symbol in their name. It is important to mention that their way of operating is not traditional: this group enjoys the attention, so they choose to announce all their activities

Honey! I bypassed Cortex XDR with ransomware

By Miguel González from Metabase Q’s Ocelot Team // Introduction Ransomware as a Service (RaaS) is what consolidated, industrialized cybercrime looks like. It is a business model between ransomware operators and affiliates in which affiliates, both technical and non-technical, pay to launch ransomware attacks developed by operators. What makes it dangerous is how

Car Hacking: Current Trend in Car Theft

Salvador Mendoza from Metabase Q’s R&D Team. Car Hacking: Current Trend in Car Theft // Keyless entry system risks. Vol 1 // Research Summary With inexpensive hardware and open-source Software Defined Radio (SDR) tools, malicious individuals can compromise vehicles’ security entry systems by exploiting weaknesses in their keyless systems. Most automobiles around the world rely on

PINATA: The new cyberthreat affecting the financial sector

By Salvador Mendoza from Metabase Q’s R&D Team. Metabase Q’s offensive security team, Ocelot, discovered a potential abuse of an inadequate issuer business practice to reset the PIN Retry Counter (PRC) on Europay, MasterCard, Visa (EMV) chip contact cards. It would lead to a new attack called PIN Automatic Try Attack (PINATA). PINATA could brute

Neshta and Avaddon groups teaming up to infect Mexican company

By Miguel Gonzalez from Metabase Q’s Ocelot Team. Ransomware-as-a-Service is on the rise worldwide, and Mexico has become a target. Just a few days after the Avaddon group announced the compromise of Loteria Nacional, Ocelot detected a second variant of the malware targeting another company in the same country. In this blog, we present the