Threat Intelligence Content Updates

Threat Intel Content Update: 1/23/25

Written by Tidal Cyber | Jan 23, 2025 4:30:00 PM

Clop Extortion Ecosystem, FunkSec

Threat Content Highlights

Threat Profiles, Objects, & Tags

      • “Trending & Emerging Threats” weekly update: Clop Extortion Ecosystem
        • Clop is a ransomware family and a term often used to refer to cybercriminals who use or have been associated with this ransomware. Clop-associated actors have made headlines multiple times in recent years, including recently, in connection with file transfer software exploit campaigns that led to data theft & extortion.
        • Teams looking to assess their coverage around Clop might be tempted to consult the Clop Software object, but closer analysis of recent attacks shows that actors associated with Clop - namely FIN11 - have mainly used other techniques and tools, rather than data encryption and traditional ransomware. This profile includes a Campaign covering the most recent FIN11/Clop-linked exploit campaign, tools observed during recent FIN11 attacks, and the Group object for TA505, a distinct adversary regularly associated with Clop ransomware (for further background context).

      • Monthly updates to Major & Emerging Ransomware & Trending Techniques curated Threat Profiles
        • New objects added for FunkSec, which rose from obscurity to claim the highest number of victims last month. This group has also attracted considerable attention for its apparent use of artificial intelligence capabilities to facilitate its operations.